rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
postgresql/doc/src/sgml/release-9.0.sgml

11092 lines
311 KiB
Plaintext
Raw Blame History

<!-- doc/src/sgml/release-9.0.sgml -->
<!-- See header comment in release.sgml about typical markup -->
<sect1 id="release-9-0-23">
<title>Release 9.0.23</title>
<note>
<title>Release Date</title>
<simpara>2015-10-08</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.22.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<para>
This is expected to be the last <productname>PostgreSQL</> release
in the 9.0.X series. Users are encouraged to update to a newer
release branch soon.
</para>
<sect2>
<title>Migration to Version 9.0.23</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.18,
see <xref linkend="release-9-0-18">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</> to detect and report
too-short <function>crypt()</> salts (Josh Kupershmidt)
</para>
<para>
Certain invalid salt arguments crashed the server or disclosed a few
bytes of server memory. We have not ruled out the viability of
attacks that arrange for presence of confidential information in the
disclosed bytes, but they seem unlikely. (CVE-2015-5288)
</para>
</listitem>
<listitem>
<para>
Fix subtransaction cleanup after a portal (cursor) belonging to an
outer subtransaction fails (Tom Lane, Michael Paquier)
</para>
<para>
A function executed in an outer-subtransaction cursor could cause an
assertion failure or crash by referencing a relation created within an
inner subtransaction.
</para>
</listitem>
<listitem>
<para>
Fix insertion of relations into the relation cache <quote>init file</>
(Tom Lane)
</para>
<para>
An oversight in a patch in the most recent minor releases
caused <structname>pg_trigger_tgrelid_tgname_index</> to be omitted
from the init file. Subsequent sessions detected this, then deemed the
init file to be broken and silently ignored it, resulting in a
significant degradation in session startup time. In addition to fixing
the bug, install some guards so that any similar future mistake will be
more obvious.
</para>
</listitem>
<listitem>
<para>
Avoid O(N^2) behavior when inserting many tuples into a SPI query
result (Neil Conway)
</para>
</listitem>
<listitem>
<para>
Improve <command>LISTEN</> startup time when there are many unread
notifications (Matt Newell)
</para>
</listitem>
<listitem>
<para>
Disable SSL renegotiation by default (Michael Paquier, Andres Freund)
</para>
<para>
While use of SSL renegotiation is a good idea in theory, we have seen
too many bugs in practice, both in the underlying OpenSSL library and
in our usage of it. Renegotiation will be removed entirely in 9.5 and
later. In the older branches, just change the default value
of <varname>ssl_renegotiation_limit</> to zero (disabled).
</para>
</listitem>
<listitem>
<para>
Lower the minimum values of the <literal>*_freeze_max_age</> parameters
(Andres Freund)
</para>
<para>
This is mainly to make tests of related behavior less time-consuming,
but it may also be of value for installations with limited disk space.
</para>
</listitem>
<listitem>
<para>
Limit the maximum value of <varname>wal_buffers</> to 2GB to avoid
server crashes (Josh Berkus)
</para>
</listitem>
<listitem>
<para>
Fix rare internal overflow in multiplication of <type>numeric</> values
(Dean Rasheed)
</para>
</listitem>
<listitem>
<para>
Guard against hard-to-reach stack overflows involving record types,
range types, <type>json</>, <type>jsonb</>, <type>tsquery</>,
<type>ltxtquery</> and <type>query_int</> (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix handling of <literal>DOW</> and <literal>DOY</> in datetime input
(Greg Stark)
</para>
<para>
These tokens aren't meant to be used in datetime values, but previously
they resulted in opaque internal error messages rather
than <quote>invalid input syntax</>.
</para>
</listitem>
<listitem>
<para>
Add more query-cancel checks to regular expression matching (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add recursion depth protections to regular expression, <literal>SIMILAR
TO</>, and <literal>LIKE</> matching (Tom Lane)
</para>
<para>
Suitable search patterns and a low stack depth limit could lead to
stack-overrun crashes.
</para>
</listitem>
<listitem>
<para>
Fix potential infinite loop in regular expression execution (Tom Lane)
</para>
<para>
A search pattern that can apparently match a zero-length string, but
actually doesn't match because of a back reference, could lead to an
infinite loop.
</para>
</listitem>
<listitem>
<para>
Fix low-memory failures in regular expression compilation
(Andreas Seltenreich)
</para>
</listitem>
<listitem>
<para>
Fix low-probability memory leak during regular expression execution
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix rare low-memory failure in lock cleanup during transaction abort
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <quote>unexpected out-of-memory situation during sort</> errors
when using tuplestores with small <varname>work_mem</> settings (Tom
Lane)
</para>
</listitem>
<listitem>
<para>
Fix very-low-probability stack overrun in <function>qsort</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <quote>invalid memory alloc request size</> failure in hash joins
with large <varname>work_mem</> settings (Tomas Vondra, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix assorted planner bugs (Tom Lane)
</para>
<para>
These mistakes could lead to incorrect query plans that would give wrong
answers, or to assertion failures in assert-enabled builds, or to odd
planner errors such as <quote>could not devise a query plan for the
given query</>, <quote>could not find pathkey item to
sort</>, <quote>plan should not reference subplan's variable</>,
or <quote>failed to assign all NestLoopParams to plan nodes</>.
Thanks are due to Andreas Seltenreich and Piotr Stefaniak for fuzz
testing that exposed these problems.
</para>
</listitem>
<listitem>
<para>
Use fuzzy path cost tiebreaking rule in all supported branches (Tom Lane)
</para>
<para>
This change is meant to avoid platform-specific behavior when
alternative plan choices have effectively-identical estimated costs.
</para>
</listitem>
<listitem>
<para>
During postmaster shutdown, ensure that per-socket lock files are
removed and listen sockets are closed before we remove
the <filename>postmaster.pid</> file (Tom Lane)
</para>
<para>
This avoids race-condition failures if an external script attempts to
start a new postmaster as soon as <literal>pg_ctl stop</> returns.
</para>
</listitem>
<listitem>
<para>
Fix postmaster's handling of a startup-process crash during crash
recovery (Tom Lane)
</para>
<para>
If, during a crash recovery cycle, the startup process crashes without
having restored database consistency, we'd try to launch a new startup
process, which typically would just crash again, leading to an infinite
loop.
</para>
</listitem>
<listitem>
<para>
Do not print a <literal>WARNING</> when an autovacuum worker is already
gone when we attempt to signal it, and reduce log verbosity for such
signals (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent autovacuum launcher from sleeping unduly long if the server
clock is moved backwards a large amount (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Ensure that cleanup of a GIN index's pending-insertions list is
interruptable by cancel requests (Jeff Janes)
</para>
</listitem>
<listitem>
<para>
Allow all-zeroes pages in GIN indexes to be reused (Heikki Linnakangas)
</para>
<para>
Such a page might be left behind after a crash.
</para>
</listitem>
<listitem>
<para>
Fix off-by-one error that led to otherwise-harmless warnings
about <quote>apparent wraparound</> in subtrans/multixact truncation
(Thomas Munro)
</para>
</listitem>
<listitem>
<para>
Fix misreporting of <command>CONTINUE</> and <command>MOVE</> statement
types in <application>PL/pgSQL</>'s error context messages
(Pavel Stehule, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix some places in <application>PL/Tcl</> that neglected to check for
failure of <function>malloc()</> calls (Michael Paquier, &Aacute;lvaro
Herrera)
</para>
</listitem>
<listitem>
<para>
Improve <application>libpq</>'s handling of out-of-memory conditions
(Michael Paquier, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix memory leaks and missing out-of-memory checks
in <application>ecpg</> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s code for locale-aware formatting of numeric
output (Tom Lane)
</para>
<para>
The formatting code invoked by <literal>\pset numericlocale on</>
did the wrong thing for some uncommon cases such as numbers with an
exponent but no decimal point. It could also mangle already-localized
output from the <type>money</> data type.
</para>
</listitem>
<listitem>
<para>
Prevent crash in <application>psql</>'s <command>\c</> command when
there is no current connection (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Ensure that temporary files created during a <application>pg_dump</>
run with <acronym>tar</>-format output are not world-readable (Michael
Paquier)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> and <application>pg_upgrade</> to support
cases where the <literal>postgres</> or <literal>template1</> database
is in a non-default tablespace (Marti Raudsepp, Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to handle object privileges sanely when
dumping from a server too old to have a particular privilege type
(Tom Lane)
</para>
<para>
When dumping functions or procedural languages from pre-7.3
servers, <application>pg_dump</> would
produce <command>GRANT</>/<command>REVOKE</> commands that revoked the
owner's grantable privileges and instead granted all privileges
to <literal>PUBLIC</>. Since the privileges involved are
just <literal>USAGE</> and <literal>EXECUTE</>, this isn't a security
problem, but it's certainly a surprising representation of the older
systems' behavior. Fix it to leave the default privilege state alone
in these cases.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to dump shell types (Tom Lane)
</para>
<para>
Shell types (that is, not-yet-fully-defined types) aren't useful for
much, but nonetheless <application>pg_dump</> should dump them.
</para>
</listitem>
<listitem>
<para>
Fix spinlock assembly code for PPC hardware to be compatible
with <acronym>AIX</>'s native assembler (Tom Lane)
</para>
<para>
Building with <application>gcc</> didn't work if <application>gcc</>
had been configured to use the native assembler, which is becoming more
common.
</para>
</listitem>
<listitem>
<para>
On <acronym>AIX</>, test the <literal>-qlonglong</> compiler option
rather than just assuming it's safe to use (Noah Misch)
</para>
</listitem>
<listitem>
<para>
On <acronym>AIX</>, use <literal>-Wl,-brtllib</> link option to allow
symbols to be resolved at runtime (Noah Misch)
</para>
<para>
Perl relies on this ability in 5.8.0 and later.
</para>
</listitem>
<listitem>
<para>
Avoid use of inline functions when compiling with
32-bit <application>xlc</>, due to compiler bugs (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Use <filename>librt</> for <function>sched_yield()</> when necessary,
which it is on some Solaris versions (Oskari Saarenmaa)
</para>
</listitem>
<listitem>
<para>
Fix Windows <filename>install.bat</> script to handle target directory
names that contain spaces (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Make the numeric form of the <productname>PostgreSQL</> version number
(e.g., <literal>90405</>) readily available to extension Makefiles,
as a variable named <varname>VERSION_NUM</> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2015g for
DST law changes in Cayman Islands, Fiji, Moldova, Morocco, Norfolk
Island, North Korea, Turkey, and Uruguay. There is a new zone name
<literal>America/Fort_Nelson</> for the Canadian Northern Rockies.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-22">
<title>Release 9.0.22</title>
<note>
<title>Release Date</title>
<simpara>2015-06-12</simpara>
</note>
<para>
This release contains a small number of fixes from 9.0.21.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<para>
The <productname>PostgreSQL</> community will stop releasing updates
for the 9.0.X release series in September 2015.
Users are encouraged to update to a newer release branch soon.
</para>
<sect2>
<title>Migration to Version 9.0.22</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.18,
see <xref linkend="release-9-0-18">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix rare failure to invalidate relation cache init file (Tom Lane)
</para>
<para>
With just the wrong timing of concurrent activity, a <command>VACUUM
FULL</> on a system catalog might fail to update the <quote>init file</>
that's used to avoid cache-loading work for new sessions. This would
result in later sessions being unable to access that catalog at all.
This is a very ancient bug, but it's so hard to trigger that no
reproducible case had been seen until recently.
</para>
</listitem>
<listitem>
<para>
Avoid deadlock between incoming sessions and <literal>CREATE/DROP
DATABASE</> (Tom Lane)
</para>
<para>
A new session starting in a database that is the target of
a <command>DROP DATABASE</> command, or is the template for
a <command>CREATE DATABASE</> command, could cause the command to wait
for five seconds and then fail, even if the new session would have
exited before that.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-21">
<title>Release 9.0.21</title>
<note>
<title>Release Date</title>
<simpara>2015-06-04</simpara>
</note>
<para>
This release contains a small number of fixes from 9.0.20.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<para>
The <productname>PostgreSQL</> community will stop releasing updates
for the 9.0.X release series in September 2015.
Users are encouraged to update to a newer release branch soon.
</para>
<sect2>
<title>Migration to Version 9.0.21</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.18,
see <xref linkend="release-9-0-18">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Avoid failures while <function>fsync</>'ing data directory during
crash restart (Abhijit Menon-Sen, Tom Lane)
</para>
<para>
In the previous minor releases we added a patch to <function>fsync</>
everything in the data directory after a crash. Unfortunately its
response to any error condition was to fail, thereby preventing the
server from starting up, even when the problem was quite harmless.
An example is that an unwritable file in the data directory would
prevent restart on some platforms; but it is common to make SSL
certificate files unwritable by the server. Revise this behavior so
that permissions failures are ignored altogether, and other types of
failures are logged but do not prevent continuing.
</para>
</listitem>
<listitem>
<para>
Remove <application>configure</>'s check prohibiting linking to a
threaded <application>libpython</>
on <systemitem class="osname">OpenBSD</> (Tom Lane)
</para>
<para>
The failure this restriction was meant to prevent seems to not be a
problem anymore on current <systemitem class="osname">OpenBSD</>
versions.
</para>
</listitem>
<listitem>
<para>
Allow <application>libpq</> to use TLS protocol versions beyond v1
(Noah Misch)
</para>
<para>
For a long time, <application>libpq</> was coded so that the only SSL
protocol it would allow was TLS v1. Now that newer TLS versions are
becoming popular, allow it to negotiate the highest commonly-supported
TLS version with the server. (<productname>PostgreSQL</> servers were
already capable of such negotiation, so no change is needed on the
server side.) This is a back-patch of a change already released in
9.4.0.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-20">
<title>Release 9.0.20</title>
<note>
<title>Release Date</title>
<simpara>2015-05-22</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.19.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<para>
The <productname>PostgreSQL</> community will stop releasing updates
for the 9.0.X release series in September 2015.
Users are encouraged to update to a newer release branch soon.
</para>
<sect2>
<title>Migration to Version 9.0.20</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.18,
see <xref linkend="release-9-0-18">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Avoid possible crash when client disconnects just before the
authentication timeout expires (Benkocs Norbert Attila)
</para>
<para>
If the timeout interrupt fired partway through the session shutdown
sequence, SSL-related state would be freed twice, typically causing a
crash and hence denial of service to other sessions. Experimentation
shows that an unauthenticated remote attacker could trigger the bug
somewhat consistently, hence treat as security issue.
(CVE-2015-3165)
</para>
</listitem>
<listitem>
<para>
Improve detection of system-call failures (Noah Misch)
</para>
<para>
Our replacement implementation of <function>snprintf()</> failed to
check for errors reported by the underlying system library calls;
the main case that might be missed is out-of-memory situations.
In the worst case this might lead to information exposure, due to our
code assuming that a buffer had been overwritten when it hadn't been.
Also, there were a few places in which security-relevant calls of other
system library functions did not check for failure.
</para>
<para>
It remains possible that some calls of the <function>*printf()</>
family of functions are vulnerable to information disclosure if an
out-of-memory error occurs at just the wrong time. We judge the risk
to not be large, but will continue analysis in this area.
(CVE-2015-3166)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/pgcrypto</>, uniformly report decryption failures
as <quote>Wrong key or corrupt data</> (Noah Misch)
</para>
<para>
Previously, some cases of decryption with an incorrect key could report
other error message texts. It has been shown that such variance in
error reports can aid attackers in recovering keys from other systems.
While it's unknown whether <filename>pgcrypto</>'s specific behaviors
are likewise exploitable, it seems better to avoid the risk by using a
one-size-fits-all message.
(CVE-2015-3167)
</para>
</listitem>
<listitem>
<para>
Fix incorrect checking of deferred exclusion constraints after a HOT
update (Tom Lane)
</para>
<para>
If a new row that potentially violates a deferred exclusion constraint
is HOT-updated (that is, no indexed columns change and the row can be
stored back onto the same table page) later in the same transaction,
the exclusion constraint would be reported as violated when the check
finally occurred, even if the row(s) the new row originally conflicted
with had been deleted.
</para>
</listitem>
<listitem>
<para>
Prevent improper reordering of antijoins (NOT EXISTS joins) versus
other outer joins (Tom Lane)
</para>
<para>
This oversight in the planner has been observed to cause <quote>could
not find RelOptInfo for given relids</> errors, but it seems possible
that sometimes an incorrect query plan might get past that consistency
check and result in silently-wrong query output.
</para>
</listitem>
<listitem>
<para>
Fix incorrect matching of subexpressions in outer-join plan nodes
(Tom Lane)
</para>
<para>
Previously, if textually identical non-strict subexpressions were used
both above and below an outer join, the planner might try to re-use
the value computed below the join, which would be incorrect because the
executor would force the value to NULL in case of an unmatched outer row.
</para>
</listitem>
<listitem>
<para>
Fix GEQO planner to cope with failure of its join order heuristic
(Tom Lane)
</para>
<para>
This oversight has been seen to lead to <quote>failed to join all
relations together</> errors in queries involving <literal>LATERAL</>,
and that might happen in other cases as well.
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock at startup
when <literal>max_prepared_transactions</> is too small
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Don't archive useless preallocated WAL files after a timeline switch
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Avoid <quote>cannot GetMultiXactIdMembers() during recovery</> error
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Recursively <function>fsync()</> the data directory after a crash
(Abhijit Menon-Sen, Robert Haas)
</para>
<para>
This ensures consistency if another crash occurs shortly later. (The
second crash would have to be a system-level crash, not just a database
crash, for there to be a problem.)
</para>
</listitem>
<listitem>
<para>
Fix autovacuum launcher's possible failure to shut down, if an error
occurs after it receives SIGTERM (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Cope with unexpected signals in <function>LockBufferForCleanup()</>
(Andres Freund)
</para>
<para>
This oversight could result in spurious errors about <quote>multiple
backends attempting to wait for pincount 1</>.
</para>
</listitem>
<listitem>
<para>
Avoid waiting for WAL flush or synchronous replication during commit of
a transaction that was read-only so far as the user is concerned
(Andres Freund)
</para>
<para>
Previously, a delay could occur at commit in transactions that had
written WAL due to HOT page pruning, leading to undesirable effects
such as sessions getting stuck at startup if all synchronous replicas
are down. Sessions have also been observed to get stuck in catchup
interrupt processing when using synchronous replication; this will fix
that problem as well.
</para>
</listitem>
<listitem>
<para>
Fix crash when manipulating hash indexes on temporary tables
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix possible failure during hash index bucket split, if other processes
are modifying the index concurrently (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Check for interrupts while analyzing index expressions (Jeff Janes)
</para>
<para>
<command>ANALYZE</> executes index expressions many times; if there are
slow functions in such an expression, it's desirable to be able to
cancel the <command>ANALYZE</> before that loop finishes.
</para>
</listitem>
<listitem>
<para>
Add the name of the target server to object description strings for
foreign-server user mappings (&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Recommend setting <literal>include_realm</> to 1 when using
Kerberos/GSSAPI/SSPI authentication (Stephen Frost)
</para>
<para>
Without this, identically-named users from different realms cannot be
distinguished. For the moment this is only a documentation change, but
it will become the default setting in <productname>PostgreSQL</> 9.5.
</para>
</listitem>
<listitem>
<para>
Remove code for matching IPv4 <filename>pg_hba.conf</> entries to
IPv4-in-IPv6 addresses (Tom Lane)
</para>
<para>
This hack was added in 2003 in response to a report that some Linux
kernels of the time would report IPv4 connections as having
IPv4-in-IPv6 addresses. However, the logic was accidentally broken in
9.0. The lack of any field complaints since then shows that it's not
needed anymore. Now we have reports that the broken code causes
crashes on some systems, so let's just remove it rather than fix it.
(Had we chosen to fix it, that would make for a subtle and potentially
security-sensitive change in the effective meaning of
IPv4 <filename>pg_hba.conf</> entries, which does not seem like a good
thing to do in minor releases.)
</para>
</listitem>
<listitem>
<para>
While shutting down service on Windows, periodically send status
updates to the Service Control Manager to prevent it from killing the
service too soon; and ensure that <application>pg_ctl</> will wait for
shutdown (Krystian Bigaj)
</para>
</listitem>
<listitem>
<para>
Reduce risk of network deadlock when using <application>libpq</>'s
non-blocking mode (Heikki Linnakangas)
</para>
<para>
When sending large volumes of data, it's important to drain the input
buffer every so often, in case the server has sent enough response data
to cause it to block on output. (A typical scenario is that the server
is sending a stream of NOTICE messages during <literal>COPY FROM
STDIN</>.) This worked properly in the normal blocking mode, but not
so much in non-blocking mode. We've modified <application>libpq</>
to opportunistically drain input when it can, but a full defense
against this problem requires application cooperation: the application
should watch for socket read-ready as well as write-ready conditions,
and be sure to call <function>PQconsumeInput()</> upon read-ready.
</para>
</listitem>
<listitem>
<para>
Fix array handling in <application>ecpg</> (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</> to sanely handle URIs and conninfo strings as
the first parameter to <command>\connect</>
(David Fetter, Andrew Dunstan, &Aacute;lvaro Herrera)
</para>
<para>
This syntax has been accepted (but undocumented) for a long time, but
previously some parameters might be taken from the old connection
instead of the given string, which was agreed to be undesirable.
</para>
</listitem>
<listitem>
<para>
Suppress incorrect complaints from <application>psql</> on some
platforms that it failed to write <filename>~/.psql_history</> at exit
(Tom Lane)
</para>
<para>
This misbehavior was caused by a workaround for a bug in very old
(pre-2006) versions of <application>libedit</>. We fixed it by
removing the workaround, which will cause a similar failure to appear
for anyone still using such versions of <application>libedit</>.
Recommendation: upgrade that library, or use <application>libreadline</>.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</>'s rule for deciding which casts are
system-provided casts that should not be dumped (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix dumping of views that are just <literal>VALUES(...)</> but have
column aliases (Tom Lane)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, force timeline 1 in the new cluster
(Bruce Momjian)
</para>
<para>
This change prevents upgrade failures caused by bogus complaints about
missing WAL history files.
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, check for improperly non-connectable
databases before proceeding
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, quote directory paths
properly in the generated <literal>delete_old_cluster</> script
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, preserve database-level freezing info
properly
(Bruce Momjian)
</para>
<para>
This oversight could cause missing-clog-file errors for tables within
the <literal>postgres</> and <literal>template1</> databases.
</para>
</listitem>
<listitem>
<para>
Run <application>pg_upgrade</> and <application>pg_resetxlog</> with
restricted privileges on Windows, so that they don't fail when run by
an administrator (Muhammad Asif Naeem)
</para>
</listitem>
<listitem>
<para>
Fix slow sorting algorithm in <filename>contrib/intarray</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix compile failure on Sparc V8 machines (Rob Rowan)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2015d
for DST law changes in Egypt, Mongolia, and Palestine, plus historical
changes in Canada and Chile. Also adopt revised zone abbreviations for
the America/Adak zone (HST/HDT not HAST/HADT).
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-19">
<title>Release 9.0.19</title>
<note>
<title>Release Date</title>
<simpara>2015-02-05</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.18.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.19</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.18,
see <xref linkend="release-9-0-18">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix buffer overruns in <function>to_char()</>
(Bruce Momjian)
</para>
<para>
When <function>to_char()</> processes a numeric formatting template
calling for a large number of digits, <productname>PostgreSQL</>
would read past the end of a buffer. When processing a crafted
timestamp formatting template, <productname>PostgreSQL</> would write
past the end of a buffer. Either case could crash the server.
We have not ruled out the possibility of attacks that lead to
privilege escalation, though they seem unlikely.
(CVE-2015-0241)
</para>
</listitem>
<listitem>
<para>
Fix buffer overrun in replacement <function>*printf()</> functions
(Tom Lane)
</para>
<para>
<productname>PostgreSQL</> includes a replacement implementation
of <function>printf</> and related functions. This code will overrun
a stack buffer when formatting a floating point number (conversion
specifiers <literal>e</>, <literal>E</>, <literal>f</>, <literal>F</>,
<literal>g</> or <literal>G</>) with requested precision greater than
about 500. This will crash the server, and we have not ruled out the
possibility of attacks that lead to privilege escalation.
A database user can trigger such a buffer overrun through
the <function>to_char()</> SQL function. While that is the only
affected core <productname>PostgreSQL</> functionality, extension
modules that use printf-family functions may be at risk as well.
</para>
<para>
This issue primarily affects <productname>PostgreSQL</> on Windows.
<productname>PostgreSQL</> uses the system implementation of these
functions where adequate, which it is on other modern platforms.
(CVE-2015-0242)
</para>
</listitem>
<listitem>
<para>
Fix buffer overruns in <filename>contrib/pgcrypto</>
(Marko Tiikkaja, Noah Misch)
</para>
<para>
Errors in memory size tracking within the <filename>pgcrypto</>
module permitted stack buffer overruns and improper dependence on the
contents of uninitialized memory. The buffer overrun cases can
crash the server, and we have not ruled out the possibility of
attacks that lead to privilege escalation.
(CVE-2015-0243)
</para>
</listitem>
<listitem>
<para>
Fix possible loss of frontend/backend protocol synchronization after
an error
(Heikki Linnakangas)
</para>
<para>
If any error occurred while the server was in the middle of reading a
protocol message from the client, it could lose synchronization and
incorrectly try to interpret part of the message's data as a new
protocol message. An attacker able to submit crafted binary data
within a command parameter might succeed in injecting his own SQL
commands this way. Statement timeout and query cancellation are the
most likely sources of errors triggering this scenario. Particularly
vulnerable are applications that use a timeout and also submit
arbitrary user-crafted data as binary query parameters. Disabling
statement timeout will reduce, but not eliminate, the risk of
exploit. Our thanks to Emil Lenngren for reporting this issue.
(CVE-2015-0244)
</para>
</listitem>
<listitem>
<para>
Fix information leak via constraint-violation error messages
(Stephen Frost)
</para>
<para>
Some server error messages show the values of columns that violate
a constraint, such as a unique constraint. If the user does not have
<literal>SELECT</> privilege on all columns of the table, this could
mean exposing values that the user should not be able to see. Adjust
the code so that values are displayed only when they came from the SQL
command or could be selected by the user.
(CVE-2014-8161)
</para>
</listitem>
<listitem>
<para>
Lock down regression testing's temporary installations on Windows
(Noah Misch)
</para>
<para>
Use SSPI authentication to allow connections only from the OS user
who launched the test suite. This closes on Windows the same
vulnerability previously closed on other platforms, namely that other
users might be able to connect to the test postmaster.
(CVE-2014-0067)
</para>
</listitem>
<listitem>
<para>
Avoid possible data corruption if <command>ALTER DATABASE SET
TABLESPACE</> is used to move a database to a new tablespace and then
shortly later move it back to its original tablespace (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Avoid corrupting tables when <command>ANALYZE</> inside a transaction
is rolled back (Andres Freund, Tom Lane, Michael Paquier)
</para>
<para>
If the failing transaction had earlier removed the last index, rule, or
trigger from the table, the table would be left in a corrupted state
with the relevant <structname>pg_class</> flags not set though they
should be.
</para>
</listitem>
<listitem>
<para>
Fix use-of-already-freed-memory problem in EvalPlanQual processing
(Tom Lane)
</para>
<para>
In <literal>READ COMMITTED</> mode, queries that lock or update
recently-updated rows could crash as a result of this bug.
</para>
</listitem>
<listitem>
<para>
Fix planning of <command>SELECT FOR UPDATE</> when using a partial
index on a child table (Kyotaro Horiguchi)
</para>
<para>
In <literal>READ COMMITTED</> mode, <command>SELECT FOR UPDATE</> must
also recheck the partial index's <literal>WHERE</> condition when
rechecking a recently-updated row to see if it still satisfies the
query's <literal>WHERE</> condition. This requirement was missed if the
index belonged to an inheritance child table, so that it was possible
to incorrectly return rows that no longer satisfy the query condition.
</para>
</listitem>
<listitem>
<para>
Fix corner case wherein <command>SELECT FOR UPDATE</> could return a row
twice, and possibly miss returning other rows (Tom Lane)
</para>
<para>
In <literal>READ COMMITTED</> mode, a <command>SELECT FOR UPDATE</>
that is scanning an inheritance tree could incorrectly return a row
from a prior child table instead of the one it should return from a
later child table.
</para>
</listitem>
<listitem>
<para>
Reject duplicate column names in the referenced-columns list of
a <literal>FOREIGN KEY</> declaration (David Rowley)
</para>
<para>
This restriction is per SQL standard. Previously we did not reject
the case explicitly, but later on the code would fail with
bizarre-looking errors.
</para>
</listitem>
<listitem>
<para>
Fix bugs in raising a <type>numeric</> value to a large integral power
(Tom Lane)
</para>
<para>
The previous code could get a wrong answer, or consume excessive
amounts of time and memory before realizing that the answer must
overflow.
</para>
</listitem>
<listitem>
<para>
In <function>numeric_recv()</>, truncate away any fractional digits
that would be hidden according to the value's <literal>dscale</> field
(Tom Lane)
</para>
<para>
A <type>numeric</> value's display scale (<literal>dscale</>) should
never be less than the number of nonzero fractional digits; but
apparently there's at least one broken client application that
transmits binary <type>numeric</> values in which that's true.
This leads to strange behavior since the extra digits are taken into
account by arithmetic operations even though they aren't printed.
The least risky fix seems to be to truncate away such <quote>hidden</>
digits on receipt, so that the value is indeed what it prints as.
</para>
</listitem>
<listitem>
<para>
Reject out-of-range numeric timezone specifications (Tom Lane)
</para>
<para>
Simple numeric timezone specifications exceeding +/- 168 hours (one
week) would be accepted, but could then cause null-pointer dereference
crashes in certain operations. There's no use-case for such large UTC
offsets, so reject them.
</para>
</listitem>
<listitem>
<para>
Fix bugs in <type>tsquery</> <literal>@&gt;</> <type>tsquery</>
operator (Heikki Linnakangas)
</para>
<para>
Two different terms would be considered to match if they had the same
CRC. Also, if the second operand had more terms than the first, it
would be assumed not to be contained in the first; which is wrong
since it might contain duplicate terms.
</para>
</listitem>
<listitem>
<para>
Improve ispell dictionary's defenses against bad affix files (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow more than 64K phrases in a thesaurus dictionary (David Boutin)
</para>
<para>
The previous coding could crash on an oversize dictionary, so this was
deemed a back-patchable bug fix rather than a feature addition.
</para>
</listitem>
<listitem>
<para>
Fix namespace handling in <function>xpath()</> (Ali Akbar)
</para>
<para>
Previously, the <type>xml</> value resulting from
an <function>xpath()</> call would not have namespace declarations if
the namespace declarations were attached to an ancestor element in the
input <type>xml</> value, rather than to the specific element being
returned. Propagate the ancestral declaration so that the result is
correct when considered in isolation.
</para>
</listitem>
<listitem>
<para>
Fix planner problems with nested append relations, such as inherited
tables within <literal>UNION ALL</> subqueries (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fail cleanly when a GiST index tuple doesn't fit on a page, rather
than going into infinite recursion (Andrew Gierth)
</para>
</listitem>
<listitem>
<para>
Exempt tables that have per-table <varname>cost_limit</>
and/or <varname>cost_delay</> settings from autovacuum's global cost
balancing rules (&Aacute;lvaro Herrera)
</para>
<para>
The previous behavior resulted in basically ignoring these per-table
settings, which was unintended. Now, a table having such settings
will be vacuumed using those settings, independently of what is going
on in other autovacuum workers. This may result in heavier total I/O
load than before, so such settings should be re-examined for sanity.
</para>
</listitem>
<listitem>
<para>
Avoid wholesale autovacuuming when autovacuum is nominally off
(Tom Lane)
</para>
<para>
Even when autovacuum is nominally off, we will still launch autovacuum
worker processes to vacuum tables that are at risk of XID wraparound.
However, such a worker process then proceeded to vacuum all tables in
the target database, if they met the usual thresholds for
autovacuuming. This is at best pretty unexpected; at worst it delays
response to the wraparound threat. Fix it so that if autovacuum is
turned off, workers <emphasis>only</> do anti-wraparound vacuums and
not any other work.
</para>
</listitem>
<listitem>
<para>
Fix race condition between hot standby queries and replaying a
full-page image (Heikki Linnakangas)
</para>
<para>
This mistake could result in transient errors in queries being
executed in hot standby.
</para>
</listitem>
<listitem>
<para>
Fix several cases where recovery logic improperly ignored WAL records
for <literal>COMMIT/ABORT PREPARED</> (Heikki Linnakangas)
</para>
<para>
The most notable oversight was
that <varname>recovery_target_xid</> could not be used to stop at
a two-phase commit.
</para>
</listitem>
<listitem>
<para>
Avoid creating unnecessary <filename>.ready</> marker files for
timeline history files (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Fix possible null pointer dereference when an empty prepared statement
is used and the <varname>log_statement</> setting is <literal>mod</>
or <literal>ddl</> (Fujii Masao)
</para>
</listitem>
<listitem>
<para>
Change <quote>pgstat wait timeout</> warning message to be LOG level,
and rephrase it to be more understandable (Tom Lane)
</para>
<para>
This message was originally thought to be essentially a can't-happen
case, but it occurs often enough on our slower buildfarm members to be
a nuisance. Reduce it to LOG level, and expend a bit more effort on
the wording: it now reads <quote>using stale statistics instead of
current ones because stats collector is not responding</>.
</para>
</listitem>
<listitem>
<para>
Fix SPARC spinlock implementation to ensure correctness if the CPU is
being run in a non-TSO coherency mode, as some non-Solaris kernels do
(Andres Freund)
</para>
</listitem>
<listitem>
<para>
Warn if macOS's <function>setlocale()</> starts an unwanted extra
thread inside the postmaster (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Fix processing of repeated <literal>dbname</> parameters
in <function>PQconnectdbParams()</> (Alex Shulgin)
</para>
<para>
Unexpected behavior ensued if the first occurrence
of <literal>dbname</> contained a connection string or URI to be
expanded.
</para>
</listitem>
<listitem>
<para>
Ensure that <application>libpq</> reports a suitable error message on
unexpected socket EOF (Marko Tiikkaja, Tom Lane)
</para>
<para>
Depending on kernel behavior, <application>libpq</> might return an
empty error string rather than something useful when the server
unexpectedly closed the socket.
</para>
</listitem>
<listitem>
<para>
Clear any old error message during <function>PQreset()</>
(Heikki Linnakangas)
</para>
<para>
If <function>PQreset()</> is called repeatedly, and the connection
cannot be re-established, error messages from the failed connection
attempts kept accumulating in the <structname>PGconn</>'s error
string.
</para>
</listitem>
<listitem>
<para>
Properly handle out-of-memory conditions while parsing connection
options in <application>libpq</> (Alex Shulgin, Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix array overrun in <application>ecpg</>'s version
of <function>ParseDateTime()</> (Michael Paquier)
</para>
</listitem>
<listitem>
<para>
In <application>initdb</>, give a clearer error message if a password
file is specified but is empty (Mats Erik Andersson)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s <command>\s</> command to work nicely with
libedit, and add pager support (Stepan Rutz, Tom Lane)
</para>
<para>
When using libedit rather than readline, <command>\s</> printed the
command history in a fairly unreadable encoded format, and on recent
libedit versions might fail altogether. Fix that by printing the
history ourselves rather than having the library do it. A pleasant
side-effect is that the pager is used if appropriate.
</para>
<para>
This patch also fixes a bug that caused newline encoding to be applied
inconsistently when saving the command history with libedit.
Multiline history entries written by older <application>psql</>
versions will be read cleanly with this patch, but perhaps not
vice versa, depending on the exact libedit versions involved.
</para>
</listitem>
<listitem>
<para>
Improve consistency of parsing of <application>psql</>'s special
variables (Tom Lane)
</para>
<para>
Allow variant spellings of <literal>on</> and <literal>off</> (such
as <literal>1</>/<literal>0</>) for <literal>ECHO_HIDDEN</>
and <literal>ON_ERROR_ROLLBACK</>. Report a warning for unrecognized
values for <literal>COMP_KEYWORD_CASE</>, <literal>ECHO</>,
<literal>ECHO_HIDDEN</>, <literal>HISTCONTROL</>,
<literal>ON_ERROR_ROLLBACK</>, and <literal>VERBOSITY</>. Recognize
all values for all these variables case-insensitively; previously
there was a mishmash of case-sensitive and case-insensitive behaviors.
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s expanded-mode display to work
consistently when using <literal>border</> = 3
and <literal>linestyle</> = <literal>ascii</> or <literal>unicode</>
(Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock during parallel restore of a schema-only dump
(Robert Haas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix core dump in <literal>pg_dump --binary-upgrade</> on zero-column
composite type (Rushabh Lathia)
</para>
</listitem>
<listitem>
<para>
Fix block number checking
in <filename>contrib/pageinspect</>'s <function>get_raw_page()</>
(Tom Lane)
</para>
<para>
The incorrect checking logic could prevent access to some pages in
non-main relation forks.
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pgcrypto</>'s <function>pgp_sym_decrypt()</>
to not fail on messages whose length is 6 less than a power of 2
(Marko Tiikkaja)
</para>
</listitem>
<listitem>
<para>
Handle unexpected query results, especially NULLs, safely in
<filename>contrib/tablefunc</>'s <function>connectby()</>
(Michael Paquier)
</para>
<para>
<function>connectby()</> previously crashed if it encountered a NULL
key value. It now prints that row but doesn't recurse further.
</para>
</listitem>
<listitem>
<para>
Avoid a possible crash in <filename>contrib/xml2</>'s
<function>xslt_process()</> (Mark Simonetti)
</para>
<para>
<application>libxslt</> seems to have an undocumented dependency on
the order in which resources are freed; reorder our calls to avoid a
crash.
</para>
</listitem>
<listitem>
<para>
Numerous cleanups of warnings from Coverity static code analyzer
(Andres Freund, Tatsuo Ishii, Marko Kreen, Tom Lane, Michael Paquier)
</para>
<para>
These changes are mostly cosmetic but in some cases fix corner-case
bugs, for example a crash rather than a proper error report after an
out-of-memory failure. None are believed to represent security
issues.
</para>
</listitem>
<listitem>
<para>
Detect incompatible OpenLDAP versions during build (Noah Misch)
</para>
<para>
With OpenLDAP versions 2.4.24 through 2.4.31,
inclusive, <productname>PostgreSQL</> backends can crash at exit.
Raise a warning during <application>configure</> based on the
compile-time OpenLDAP version number, and test the crashing scenario
in the <filename>contrib/dblink</> regression test.
</para>
</listitem>
<listitem>
<para>
In non-MSVC Windows builds, ensure <filename>libpq.dll</> is installed
with execute permissions (Noah Misch)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_regress</> remove any temporary installation it
created upon successful exit (Tom Lane)
</para>
<para>
This results in a very substantial reduction in disk space usage
during <literal>make check-world</>, since that sequence involves
creation of numerous temporary installations.
</para>
</listitem>
<listitem>
<para>
Support time zone abbreviations that change UTC offset from time to
time (Tom Lane)
</para>
<para>
Previously, <productname>PostgreSQL</> assumed that the UTC offset
associated with a time zone abbreviation (such as <literal>EST</>)
never changes in the usage of any particular locale. However this
assumption fails in the real world, so introduce the ability for a
zone abbreviation to represent a UTC offset that sometimes changes.
Update the zone abbreviation definition files to make use of this
feature in timezone locales that have changed the UTC offset of their
abbreviations since 1970 (according to the IANA timezone database).
In such timezones, <productname>PostgreSQL</> will now associate the
correct UTC offset with the abbreviation depending on the given date.
</para>
</listitem>
<listitem>
<para>
Update time zone abbreviations lists (Tom Lane)
</para>
<para>
Add CST (China Standard Time) to our lists.
Remove references to ADT as <quote>Arabia Daylight Time</>, an
abbreviation that's been out of use since 2007; therefore, claiming
there is a conflict with <quote>Atlantic Daylight Time</> doesn't seem
especially helpful.
Fix entirely incorrect GMT offsets for CKT (Cook Islands), FJT, and FJST
(Fiji); we didn't even have them on the proper side of the date line.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2015a.
</para>
<para>
The IANA timezone database has adopted abbreviations of the form
<literal>A<replaceable>x</>ST</literal>/<literal>A<replaceable>x</>DT</literal>
for all Australian time zones, reflecting what they believe to be
current majority practice Down Under. These names do not conflict
with usage elsewhere (other than ACST for Acre Summer Time, which has
been in disuse since 1994). Accordingly, adopt these names into
our <quote>Default</> timezone abbreviation set.
The <quote>Australia</> abbreviation set now contains only CST, EAST,
EST, SAST, SAT, and WST, all of which are thought to be mostly
historical usage. Note that SAST has also been changed to be South
Africa Standard Time in the <quote>Default</> abbreviation set.
</para>
<para>
Also, add zone abbreviations SRET (Asia/Srednekolymsk) and XJT
(Asia/Urumqi), and use WSST/WSDT for western Samoa. Also, there were
DST law changes in Chile, Mexico, the Turks &amp; Caicos Islands
(America/Grand_Turk), and Fiji. There is a new zone
Pacific/Bougainville for portions of Papua New Guinea. Also, numerous
corrections for historical (pre-1970) time zone data.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-18">
<title>Release 9.0.18</title>
<note>
<title>Release Date</title>
<simpara>2014-07-24</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.17.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.18</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, this release corrects an index corruption problem in some GiST
indexes. See the first changelog entry below to find out whether your
installation has been affected and what steps you should take if so.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.0.15,
see <xref linkend="release-9-0-15">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Correctly initialize padding bytes in <filename>contrib/btree_gist</>
indexes on <type>bit</> columns (Heikki Linnakangas)
</para>
<para>
This error could result in incorrect query results due to values that
should compare equal not being seen as equal.
Users with GiST indexes on <type>bit</> or <type>bit varying</>
columns should <command>REINDEX</> those indexes after installing this
update.
</para>
</listitem>
<listitem>
<para>
Protect against torn pages when deleting GIN list pages (Heikki
Linnakangas)
</para>
<para>
This fix prevents possible index corruption if a system crash occurs
while the page update is being written to disk.
</para>
</listitem>
<listitem>
<para>
Don't clear the right-link of a GiST index page while replaying
updates from WAL (Heikki Linnakangas)
</para>
<para>
This error could lead to transiently wrong answers from GiST index
scans performed in Hot Standby.
</para>
</listitem>
<listitem>
<para>
Fix possibly-incorrect cache invalidation during nested calls
to <function>ReceiveSharedInvalidMessages</> (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Don't assume a subquery's output is unique if there's a set-returning
function in its targetlist (David Rowley)
</para>
<para>
This oversight could lead to misoptimization of constructs
like <literal>WHERE x IN (SELECT y, generate_series(1,10) FROM t GROUP
BY y)</literal>.
</para>
</listitem>
<listitem>
<para>
Fix failure to detoast fields in composite elements of structured
types (Tom Lane)
</para>
<para>
This corrects cases where TOAST pointers could be copied into other
tables without being dereferenced. If the original data is later
deleted, it would lead to errors like <quote>missing chunk number 0
for toast value ...</> when the now-dangling pointer is used.
</para>
</listitem>
<listitem>
<para>
Fix <quote>record type has not been registered</> failures with
whole-row references to the output of Append plan nodes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible crash when invoking a user-defined function while
rewinding a cursor (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix query-lifespan memory leak while evaluating the arguments for a
function in <literal>FROM</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix session-lifespan memory leaks in regular-expression processing
(Tom Lane, Arthur O'Dwyer, Greg Stark)
</para>
</listitem>
<listitem>
<para>
Fix data encoding error in <filename>hungarian.stop</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix liveness checks for rows that were inserted in the current
transaction and then deleted by a now-rolled-back subtransaction
(Andres Freund)
</para>
<para>
This could cause problems (at least spurious warnings, and at worst an
infinite loop) if <command>CREATE INDEX</> or <command>CLUSTER</> were
done later in the same transaction.
</para>
</listitem>
<listitem>
<para>
Clear <structname>pg_stat_activity</>.<structfield>xact_start</>
during <command>PREPARE TRANSACTION</> (Andres Freund)
</para>
<para>
After the <command>PREPARE</>, the originating session is no longer in
a transaction, so it should not continue to display a transaction
start time.
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</> to not fail for text search objects
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Block signals during postmaster startup (Tom Lane)
</para>
<para>
This ensures that the postmaster will properly clean up after itself
if, for example, it receives <systemitem>SIGINT</> while still
starting up.
</para>
</listitem>
<listitem>
<para>
Secure Unix-domain sockets of temporary postmasters started during
<literal>make check</> (Noah Misch)
</para>
<para>
Any local user able to access the socket file could connect as the
server's bootstrap superuser, then proceed to execute arbitrary code as
the operating-system user running the test, as we previously noted in
CVE-2014-0067. This change defends against that risk by placing the
server's socket in a temporary, mode 0700 subdirectory
of <filename>/tmp</>. The hazard remains however on platforms where
Unix sockets are not supported, notably Windows, because then the
temporary postmaster must accept local TCP connections.
</para>
<para>
A useful side effect of this change is to simplify
<literal>make check</> testing in builds that
override <literal>DEFAULT_PGSOCKET_DIR</>. Popular non-default values
like <filename>/var/run/postgresql</> are often not writable by the
build user, requiring workarounds that will no longer be necessary.
</para>
</listitem>
<listitem>
<para>
Fix tablespace creation WAL replay to work on Windows (MauMau)
</para>
</listitem>
<listitem>
<para>
Fix detection of socket creation failures on Windows (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
On Windows, allow new sessions to absorb values of PGC_BACKEND
parameters (such as <xref linkend="guc-log-connections">) from the
configuration file (Amit Kapila)
</para>
<para>
Previously, if such a parameter were changed in the file post-startup,
the change would have no effect.
</para>
</listitem>
<listitem>
<para>
Properly quote executable path names on Windows (Nikhil Deshpande)
</para>
<para>
This oversight could cause <application>initdb</>
and <application>pg_upgrade</> to fail on Windows, if the installation
path contained both spaces and <literal>@</> signs.
</para>
</listitem>
<listitem>
<para>
Fix linking of <application>libpython</> on macOS (Tom Lane)
</para>
<para>
The method we previously used can fail with the Python library
supplied by Xcode 5.0 and later.
</para>
</listitem>
<listitem>
<para>
Avoid buffer bloat in <application>libpq</> when the server
consistently sends data faster than the client can absorb it
(Shin-ichi Morita, Tom Lane)
</para>
<para>
<application>libpq</> could be coerced into enlarging its input buffer
until it runs out of memory (which would be reported misleadingly
as <quote>lost synchronization with server</>). Under ordinary
circumstances it's quite far-fetched that data could be continuously
transmitted more quickly than the <function>recv()</> loop can
absorb it, but this has been observed when the client is artificially
slowed by scheduler constraints.
</para>
</listitem>
<listitem>
<para>
Ensure that LDAP lookup attempts in <application>libpq</> time out as
intended (Laurenz Albe)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</> to do the right thing when an array
of <type>char *</> is the target for a FETCH statement returning more
than one row, as well as some other array-handling fixes
(Ashutosh Bapat)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</>'s processing of old-style large object
comments (Tom Lane)
</para>
<para>
A direct-to-database restore from an archive file generated by a
pre-9.0 version of <application>pg_dump</> would usually fail if the
archive contained more than a few comments for large objects.
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/pgcrypto</> functions, ensure sensitive
information is cleared from stack variables before returning
(Marko Kreen)
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/uuid-ossp</>, cache the state of the OSSP UUID
library across calls (Tom Lane)
</para>
<para>
This improves the efficiency of UUID generation and reduces the amount
of entropy drawn from <filename>/dev/urandom</>, on platforms that
have that.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2014e
for DST law changes in Crimea, Egypt, and Morocco.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-17">
<title>Release 9.0.17</title>
<note>
<title>Release Date</title>
<simpara>2014-03-20</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.16.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.17</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.15,
see <xref linkend="release-9-0-15">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Restore GIN metapages unconditionally to avoid torn-page risk
(Heikki Linnakangas)
</para>
<para>
Although this oversight could theoretically result in a corrupted
index, it is unlikely to have caused any problems in practice, since
the active part of a GIN metapage is smaller than a standard 512-byte
disk sector.
</para>
</listitem>
<listitem>
<para>
Avoid race condition in checking transaction commit status during
receipt of a <command>NOTIFY</> message (Marko Tiikkaja)
</para>
<para>
This prevents a scenario wherein a sufficiently fast client might
respond to a notification before database updates made by the
notifier have become visible to the recipient.
</para>
</listitem>
<listitem>
<para>
Allow regular-expression operators to be terminated early by query
cancel requests (Tom Lane)
</para>
<para>
This prevents scenarios wherein a pathological regular expression
could lock up a server process uninterruptably for a long time.
</para>
</listitem>
<listitem>
<para>
Remove incorrect code that tried to allow <literal>OVERLAPS</> with
single-element row arguments (Joshua Yanovski)
</para>
<para>
This code never worked correctly, and since the case is neither
specified by the SQL standard nor documented, it seemed better to
remove it than fix it.
</para>
</listitem>
<listitem>
<para>
Avoid getting more than <literal>AccessShareLock</> when de-parsing a
rule or view (Dean Rasheed)
</para>
<para>
This oversight resulted in <application>pg_dump</> unexpectedly
acquiring <literal>RowExclusiveLock</> locks on tables mentioned as
the targets of <literal>INSERT</>/<literal>UPDATE</>/<literal>DELETE</>
commands in rules. While usually harmless, that could interfere with
concurrent transactions that tried to acquire, for example,
<literal>ShareLock</> on those tables.
</para>
</listitem>
<listitem>
<para>
Improve performance of index endpoint probes during planning (Tom Lane)
</para>
<para>
This change fixes a significant performance problem that occurred
when there were many not-yet-committed rows at the end of the index,
which is a common situation for indexes on sequentially-assigned
values such as timestamps or sequence-generated identifiers.
</para>
</listitem>
<listitem>
<para>
Fix test to see if hot standby connections can be allowed immediately
after a crash (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Prevent interrupts while reporting non-<literal>ERROR</> messages
(Tom Lane)
</para>
<para>
This guards against rare server-process freezeups due to recursive
entry to <function>syslog()</>, and perhaps other related problems.
</para>
</listitem>
<listitem>
<para>
Prevent intermittent <quote>could not reserve shared memory region</>
failures on recent Windows versions (MauMau)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2014a
for DST law changes in Fiji and Turkey, plus historical changes in
Israel and Ukraine.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-16">
<title>Release 9.0.16</title>
<note>
<title>Release Date</title>
<simpara>2014-02-20</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.15.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.16</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.15,
see <xref linkend="release-9-0-15">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Shore up <literal>GRANT ... WITH ADMIN OPTION</> restrictions
(Noah Misch)
</para>
<para>
Granting a role without <literal>ADMIN OPTION</> is supposed to
prevent the grantee from adding or removing members from the granted
role, but this restriction was easily bypassed by doing <literal>SET
ROLE</> first. The security impact is mostly that a role member can
revoke the access of others, contrary to the wishes of his grantor.
Unapproved role member additions are a lesser concern, since an
uncooperative role member could provide most of his rights to others
anyway by creating views or <literal>SECURITY DEFINER</> functions.
(CVE-2014-0060)
</para>
</listitem>
<listitem>
<para>
Prevent privilege escalation via manual calls to PL validator
functions (Andres Freund)
</para>
<para>
The primary role of PL validator functions is to be called implicitly
during <command>CREATE FUNCTION</>, but they are also normal SQL
functions that a user can call explicitly. Calling a validator on
a function actually written in some other language was not checked
for and could be exploited for privilege-escalation purposes.
The fix involves adding a call to a privilege-checking function in
each validator function. Non-core procedural languages will also
need to make this change to their own validator functions, if any.
(CVE-2014-0061)
</para>
</listitem>
<listitem>
<para>
Avoid multiple name lookups during table and index DDL
(Robert Haas, Andres Freund)
</para>
<para>
If the name lookups come to different conclusions due to concurrent
activity, we might perform some parts of the DDL on a different table
than other parts. At least in the case of <command>CREATE INDEX</>,
this can be used to cause the permissions checks to be performed
against a different table than the index creation, allowing for a
privilege escalation attack.
(CVE-2014-0062)
</para>
</listitem>
<listitem>
<para>
Prevent buffer overrun with long datetime strings (Noah Misch)
</para>
<para>
The <literal>MAXDATELEN</> constant was too small for the longest
possible value of type <type>interval</>, allowing a buffer overrun
in <function>interval_out()</>. Although the datetime input
functions were more careful about avoiding buffer overrun, the limit
was short enough to cause them to reject some valid inputs, such as
input containing a very long timezone name. The <application>ecpg</>
library contained these vulnerabilities along with some of its own.
(CVE-2014-0063)
</para>
</listitem>
<listitem>
<para>
Prevent buffer overrun due to integer overflow in size calculations
(Noah Misch, Heikki Linnakangas)
</para>
<para>
Several functions, mostly type input functions, calculated an
allocation size without checking for overflow. If overflow did
occur, a too-small buffer would be allocated and then written past.
(CVE-2014-0064)
</para>
</listitem>
<listitem>
<para>
Prevent overruns of fixed-size buffers
(Peter Eisentraut, Jozef Mlich)
</para>
<para>
Use <function>strlcpy()</> and related functions to provide a clear
guarantee that fixed-size buffers are not overrun. Unlike the
preceding items, it is unclear whether these cases really represent
live issues, since in most cases there appear to be previous
constraints on the size of the input string. Nonetheless it seems
prudent to silence all Coverity warnings of this type.
(CVE-2014-0065)
</para>
</listitem>
<listitem>
<para>
Avoid crashing if <function>crypt()</> returns NULL (Honza Horak,
Bruce Momjian)
</para>
<para>
There are relatively few scenarios in which <function>crypt()</>
could return NULL, but <filename>contrib/chkpass</> would crash
if it did. One practical case in which this could be an issue is
if <application>libc</> is configured to refuse to execute unapproved
hashing algorithms (e.g., <quote>FIPS mode</>).
(CVE-2014-0066)
</para>
</listitem>
<listitem>
<para>
Document risks of <literal>make check</> in the regression testing
instructions (Noah Misch, Tom Lane)
</para>
<para>
Since the temporary server started by <literal>make check</>
uses <quote>trust</> authentication, another user on the same machine
could connect to it as database superuser, and then potentially
exploit the privileges of the operating-system user who started the
tests. A future release will probably incorporate changes in the
testing procedure to prevent this risk, but some public discussion is
needed first. So for the moment, just warn people against using
<literal>make check</> when there are untrusted users on the
same machine.
(CVE-2014-0067)
</para>
</listitem>
<listitem>
<para>
Fix possible mis-replay of WAL records when some segments of a
relation aren't full size (Greg Stark, Tom Lane)
</para>
<para>
The WAL update could be applied to the wrong page, potentially many
pages past where it should have been. Aside from corrupting data,
this error has been observed to result in significant <quote>bloat</>
of standby servers compared to their masters, due to updates being
applied far beyond where the end-of-file should have been. This
failure mode does not appear to be a significant risk during crash
recovery, only when initially synchronizing a standby created from a
base backup taken from a quickly-changing master.
</para>
</listitem>
<listitem>
<para>
Fix bug in determining when recovery has reached consistency
(Tomonari Katsumata, Heikki Linnakangas)
</para>
<para>
In some cases WAL replay would mistakenly conclude that the database
was already consistent at the start of replay, thus possibly allowing
hot-standby queries before the database was really consistent. Other
symptoms such as <quote>PANIC: WAL contains references to invalid
pages</> were also possible.
</para>
</listitem>
<listitem>
<para>
Fix improper locking of btree index pages while replaying
a <literal>VACUUM</> operation in hot-standby mode (Andres Freund,
Heikki Linnakangas, Tom Lane)
</para>
<para>
This error could result in <quote>PANIC: WAL contains references to
invalid pages</> failures.
</para>
</listitem>
<listitem>
<para>
Ensure that insertions into non-leaf GIN index pages write a full-page
WAL record when appropriate (Heikki Linnakangas)
</para>
<para>
The previous coding risked index corruption in the event of a
partial-page write during a system crash.
</para>
</listitem>
<listitem>
<para>
Fix race conditions during server process exit (Robert Haas)
</para>
<para>
Ensure that signal handlers don't attempt to use the
process's <varname>MyProc</> pointer after it's no longer valid.
</para>
</listitem>
<listitem>
<para>
Fix unsafe references to <varname>errno</> within error reporting
logic (Christian Kruse)
</para>
<para>
This would typically lead to odd behaviors such as missing or
inappropriate <literal>HINT</> fields.
</para>
</listitem>
<listitem>
<para>
Fix possible crashes from using <function>ereport()</> too early
during server startup (Tom Lane)
</para>
<para>
The principal case we've seen in the field is a crash if the server
is started in a directory it doesn't have permission to read.
</para>
</listitem>
<listitem>
<para>
Clear retry flags properly in OpenSSL socket write
function (Alexander Kukushkin)
</para>
<para>
This omission could result in a server lockup after unexpected loss
of an SSL-encrypted connection.
</para>
</listitem>
<listitem>
<para>
Fix length checking for Unicode identifiers (<literal>U&amp;"..."</>
syntax) containing escapes (Tom Lane)
</para>
<para>
A spurious truncation warning would be printed for such identifiers
if the escaped form of the identifier was too long, but the
identifier actually didn't need truncation after de-escaping.
</para>
</listitem>
<listitem>
<para>
Allow keywords that are type names to be used in lists of roles
(Stephen Frost)
</para>
<para>
A previous patch allowed such keywords to be used without quoting
in places such as role identifiers; but it missed cases where a
list of role identifiers was permitted, such as <literal>DROP ROLE</>.
</para>
</listitem>
<listitem>
<para>
Fix possible crash due to invalid plan for nested sub-selects, such
as <literal>WHERE (... x IN (SELECT ...) ...) IN (SELECT ...)</>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that <command>ANALYZE</> creates statistics for a table column
even when all the values in it are <quote>too wide</> (Tom Lane)
</para>
<para>
<command>ANALYZE</> intentionally omits very wide values from its
histogram and most-common-values calculations, but it neglected to do
something sane in the case that all the sampled entries are too wide.
</para>
</listitem>
<listitem>
<para>
In <literal>ALTER TABLE ... SET TABLESPACE</>, allow the database's
default tablespace to be used without a permissions check
(Stephen Frost)
</para>
<para>
<literal>CREATE TABLE</> has always allowed such usage,
but <literal>ALTER TABLE</> didn't get the memo.
</para>
</listitem>
<listitem>
<para>
Fix <quote>cannot accept a set</> error when some arms of
a <literal>CASE</> return a set and others don't (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix checks for all-zero client addresses in pgstat functions (Kevin
Grittner)
</para>
</listitem>
<listitem>
<para>
Fix possible misclassification of multibyte characters by the text
search parser (Tom Lane)
</para>
<para>
Non-ASCII characters could be misclassified when using C locale with
a multibyte encoding. On Cygwin, non-C locales could fail as well.
</para>
</listitem>
<listitem>
<para>
Fix possible misbehavior in <function>plainto_tsquery()</>
(Heikki Linnakangas)
</para>
<para>
Use <function>memmove()</> not <function>memcpy()</> for copying
overlapping memory regions. There have been no field reports of
this actually causing trouble, but it's certainly risky.
</para>
</listitem>
<listitem>
<para>
Accept <literal>SHIFT_JIS</> as an encoding name for locale checking
purposes (Tatsuo Ishii)
</para>
</listitem>
<listitem>
<para>
Fix misbehavior of <function>PQhost()</> on Windows (Fujii Masao)
</para>
<para>
It should return <literal>localhost</> if no host has been specified.
</para>
</listitem>
<listitem>
<para>
Improve error handling in <application>libpq</> and <application>psql</>
for failures during <literal>COPY TO STDOUT/FROM STDIN</> (Tom Lane)
</para>
<para>
In particular this fixes an infinite loop that could occur in 9.2 and
up if the server connection was lost during <literal>COPY FROM
STDIN</>. Variants of that scenario might be possible in older
versions, or with other client applications.
</para>
</listitem>
<listitem>
<para>
Fix misaligned descriptors in <application>ecpg</> (MauMau)
</para>
</listitem>
<listitem>
<para>
In <application>ecpg</>, handle lack of a hostname in the connection
parameters properly (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix performance regression in <filename>contrib/dblink</> connection
startup (Joe Conway)
</para>
<para>
Avoid an unnecessary round trip when client and server encodings match.
</para>
</listitem>
<listitem>
<para>
In <filename>contrib/isn</>, fix incorrect calculation of the check
digit for ISMN values (Fabien Coelho)
</para>
</listitem>
<listitem>
<para>
Ensure client-code-only installation procedure works as documented
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
In Mingw and Cygwin builds, install the <application>libpq</> DLL
in the <filename>bin</> directory (Andrew Dunstan)
</para>
<para>
This duplicates what the MSVC build has long done. It should fix
problems with programs like <application>psql</> failing to start
because they can't find the DLL.
</para>
</listitem>
<listitem>
<para>
Avoid using the deprecated <literal>dllwrap</> tool in Cygwin builds
(Marco Atzeri)
</para>
</listitem>
<listitem>
<para>
Don't generate plain-text <filename>HISTORY</>
and <filename>src/test/regress/README</> files anymore (Tom Lane)
</para>
<para>
These text files duplicated the main HTML and PDF documentation
formats. The trouble involved in maintaining them greatly outweighs
the likely audience for plain-text format. Distribution tarballs
will still contain files by these names, but they'll just be stubs
directing the reader to consult the main documentation.
The plain-text <filename>INSTALL</> file will still be maintained, as
there is arguably a use-case for that.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2013i
for DST law changes in Jordan and historical changes in Cuba.
</para>
<para>
In addition, the zones <literal>Asia/Riyadh87</>,
<literal>Asia/Riyadh88</>, and <literal>Asia/Riyadh89</> have been
removed, as they are no longer maintained by IANA, and never
represented actual civil timekeeping practice.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-15">
<title>Release 9.0.15</title>
<note>
<title>Release Date</title>
<simpara>2013-12-05</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.14.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.15</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, this release corrects a number of potential data corruption
issues. See the first two changelog entries below to find out whether
your installation has been affected and what steps you can take if so.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.0.13,
see <xref linkend="release-9-0-13">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix <command>VACUUM</>'s tests to see whether it can
update <structfield>relfrozenxid</> (Andres Freund)
</para>
<para>
In some cases <command>VACUUM</> (either manual or autovacuum) could
incorrectly advance a table's <structfield>relfrozenxid</> value,
allowing tuples to escape freezing, causing those rows to become
invisible once 2^31 transactions have elapsed. The probability of
data loss is fairly low since multiple incorrect advancements would
need to happen before actual loss occurs, but it's not zero. Users
upgrading from releases 9.0.4 or 8.4.8 or earlier are not affected, but
all later versions contain the bug.
</para>
<para>
The issue can be ameliorated by, after upgrading, vacuuming all tables
in all databases while having <link
linkend="guc-vacuum-freeze-table-age"><varname>vacuum_freeze_table_age</></link>
set to zero. This will fix any latent corruption but will not be able
to fix all pre-existing data errors. However, an installation can be
presumed safe after performing this vacuuming if it has executed fewer
than 2^31 update transactions in its lifetime (check this with
<literal>SELECT txid_current() < 2^31</>).
</para>
</listitem>
<listitem>
<para>
Fix initialization of <filename>pg_clog</> and <filename>pg_subtrans</>
during hot standby startup (Andres Freund, Heikki Linnakangas)
</para>
<para>
This bug can cause data loss on standby servers at the moment they
start to accept hot-standby queries, by marking committed transactions
as uncommitted. The likelihood of such corruption is small unless, at
the time of standby startup, the primary server has executed many
updating transactions since its last checkpoint. Symptoms include
missing rows, rows that should have been deleted being still visible,
and obsolete versions of updated rows being still visible alongside
their newer versions.
</para>
<para>
This bug was introduced in versions 9.3.0, 9.2.5, 9.1.10, and 9.0.14.
Standby servers that have only been running earlier releases are not
at risk. It's recommended that standby servers that have ever run any
of the buggy releases be re-cloned from the primary (e.g., with a new
base backup) after upgrading.
</para>
</listitem>
<listitem>
<para>
Truncate <filename>pg_multixact</> contents during WAL replay
(Andres Freund)
</para>
<para>
This avoids ever-increasing disk space consumption in standby servers.
</para>
</listitem>
<listitem>
<para>
Fix race condition in GIN index posting tree page deletion (Heikki
Linnakangas)
</para>
<para>
This could lead to transient wrong answers or query failures.
</para>
</listitem>
<listitem>
<para>
Avoid flattening a subquery whose <literal>SELECT</> list contains a
volatile function wrapped inside a sub-<literal>SELECT</> (Tom Lane)
</para>
<para>
This avoids unexpected results due to extra evaluations of the
volatile function.
</para>
</listitem>
<listitem>
<para>
Fix planner's processing of non-simple-variable subquery outputs
nested within outer joins (Tom Lane)
</para>
<para>
This error could lead to incorrect plans for queries involving
multiple levels of subqueries within <literal>JOIN</> syntax.
</para>
</listitem>
<listitem>
<para>
Fix premature deletion of temporary files (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Fix possible read past end of memory in rule printing (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Fix array slicing of <type>int2vector</> and <type>oidvector</> values
(Tom Lane)
</para>
<para>
Expressions of this kind are now implicitly promoted to
regular <type>int2</> or <type>oid</> arrays.
</para>
</listitem>
<listitem>
<para>
Fix incorrect behaviors when using a SQL-standard, simple GMT offset
timezone (Tom Lane)
</para>
<para>
In some cases, the system would use the simple GMT offset value when
it should have used the regular timezone setting that had prevailed
before the simple offset was selected. This change also causes
the <function>timeofday</> function to honor the simple GMT offset
zone.
</para>
</listitem>
<listitem>
<para>
Prevent possible misbehavior when logging translations of Windows
error codes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Properly quote generated command lines in <application>pg_ctl</>
(Naoya Anzai and Tom Lane)
</para>
<para>
This fix applies only to Windows.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dumpall</> to work when a source database
sets <link
linkend="guc-default-transaction-read-only"><varname>default_transaction_read_only</></link>
via <command>ALTER DATABASE SET</> (Kevin Grittner)
</para>
<para>
Previously, the generated script would fail during restore.
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>'s processing of lists of variables
declared <type>varchar</> (Zolt&aacute;n B&ouml;sz&ouml;rm&eacute;nyi)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/lo</> defend against incorrect trigger definitions
(Marc Cousin)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2013h
for DST law changes in Argentina, Brazil, Jordan, Libya,
Liechtenstein, Morocco, and Palestine. Also, new timezone
abbreviations WIB, WIT, WITA for Indonesia.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-14">
<title>Release 9.0.14</title>
<note>
<title>Release Date</title>
<simpara>2013-10-10</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.13.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.14</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.13,
see <xref linkend="release-9-0-13">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent corruption of multi-byte characters when attempting to
case-fold identifiers (Andrew Dunstan)
</para>
<para>
<productname>PostgreSQL</> case-folds non-ASCII characters only
when using a single-byte server encoding.
</para>
</listitem>
<listitem>
<para>
Fix checkpoint memory leak in background writer when <literal>wal_level =
hot_standby</> (Naoya Anzai)
</para>
</listitem>
<listitem>
<para>
Fix memory leak caused by <function>lo_open()</function> failure
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix memory overcommit bug when <varname>work_mem</> is using more
than 24GB of memory (Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Fix deadlock bug in libpq when using SSL (Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Fix possible SSL state corruption in threaded libpq applications
(Nick Phillips, Stephen Frost)
</para>
</listitem>
<listitem>
<para>
Properly compute row estimates for boolean columns containing many NULL
values (Andrew Gierth)
</para>
<para>
Previously tests like <literal>col IS NOT TRUE</> and <literal>col IS
NOT FALSE</> did not properly factor in NULL values when estimating
plan costs.
</para>
</listitem>
<listitem>
<para>
Prevent pushing down <literal>WHERE</> clauses into unsafe
<literal>UNION/INTERSECT</> subqueries (Tom Lane)
</para>
<para>
Subqueries of a <literal>UNION</> or <literal>INTERSECT</> that
contain set-returning functions or volatile functions in their
<literal>SELECT</> lists could be improperly optimized, leading to
run-time errors or incorrect query results.
</para>
</listitem>
<listitem>
<para>
Fix rare case of <quote>failed to locate grouping columns</>
planner failure (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve view dumping code's handling of dropped columns in referenced
tables (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Properly record index comments created using <literal>UNIQUE</>
and <literal>PRIMARY KEY</> syntax (Andres Freund)
</para>
<para>
This fixes a parallel <application>pg_restore</> failure.
</para>
</listitem>
<listitem>
<para>
Fix <command>REINDEX TABLE</> and <command>REINDEX DATABASE</>
to properly revalidate constraints and mark invalidated indexes as
valid (Noah Misch)
</para>
<para>
<command>REINDEX INDEX</> has always worked properly.
</para>
</listitem>
<listitem>
<para>
Fix possible deadlock during concurrent <command>CREATE INDEX
CONCURRENTLY</> operations (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>regexp_matches()</> handling of zero-length matches
(Jeevan Chalke)
</para>
<para>
Previously, zero-length matches like '^' could return too many matches.
</para>
</listitem>
<listitem>
<para>
Fix crash for overly-complex regular expressions (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix regular expression match failures for back references combined with
non-greedy quantifiers (Jeevan Chalke)
</para>
</listitem>
<listitem>
<para>
Prevent <command>CREATE FUNCTION</> from checking <command>SET</>
variables unless function body checking is enabled (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow <command>ALTER DEFAULT PRIVILEGES</> to operate on schemas
without requiring CREATE permission (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Loosen restriction on keywords used in queries (Tom Lane)
</para>
<para>
Specifically, lessen keyword restrictions for role names, language
names, <command>EXPLAIN</> and <command>COPY</> options, and
<command>SET</> values. This allows <literal>COPY ... (FORMAT
BINARY)</> to work as expected; previously <literal>BINARY</> needed
to be quoted.
</para>
</listitem>
<listitem>
<para>
Fix <function>pgp_pub_decrypt()</> so it works for secret keys with
passwords (Marko Kreen)
</para>
</listitem>
<listitem>
<para>
Remove rare inaccurate warning during vacuum of index-less tables
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Ensure that <command>VACUUM ANALYZE</> still runs the ANALYZE phase
if its attempt to truncate the file is cancelled due to lock conflicts
(Kevin Grittner)
</para>
</listitem>
<listitem>
<para>
Avoid possible failure when performing transaction control commands (e.g
ROLLBACK) in prepared queries (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that floating-point data input accepts standard spellings
of <quote>infinity</> on all platforms (Tom Lane)
</para>
<para>
The C99 standard says that allowable spellings are <literal>inf</>,
<literal>+inf</>, <literal>-inf</>, <literal>infinity</>,
<literal>+infinity</>, and <literal>-infinity</>. Make sure we
recognize these even if the platform's <function>strtod</> function
doesn't.
</para>
</listitem>
<listitem>
<para>
Expand ability to compare rows to records and arrays (Rafal Rzepecki,
Tom Lane)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2013d
for DST law changes in Israel, Morocco, Palestine, and Paraguay.
Also, historical zone data corrections for Macquarie Island.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-13">
<title>Release 9.0.13</title>
<note>
<title>Release Date</title>
<simpara>2013-04-04</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.12.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.13</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, this release corrects several errors in management of GiST
indexes. After installing this update, it is advisable to
<command>REINDEX</> any GiST indexes that meet one or more of the
conditions described below.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.0.6,
see <xref linkend="release-9-0-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix insecure parsing of server command-line switches (Mitsumasa
Kondo, Kyotaro Horiguchi)
</para>
<para>
A connection request containing a database name that begins with
<quote><literal>-</></quote> could be crafted to damage or destroy
files within the server's data directory, even if the request is
eventually rejected. (CVE-2013-1899)
</para>
</listitem>
<listitem>
<para>
Reset OpenSSL randomness state in each postmaster child process
(Marko Kreen)
</para>
<para>
This avoids a scenario wherein random numbers generated by
<filename>contrib/pgcrypto</> functions might be relatively easy for
another database user to guess. The risk is only significant when
the postmaster is configured with <varname>ssl</> = <literal>on</>
but most connections don't use SSL encryption. (CVE-2013-1900)
</para>
</listitem>
<listitem>
<para>
Fix GiST indexes to not use <quote>fuzzy</> geometric comparisons when
it's not appropriate to do so (Alexander Korotkov)
</para>
<para>
The core geometric types perform comparisons using <quote>fuzzy</>
equality, but <function>gist_box_same</> must do exact comparisons,
else GiST indexes using it might become inconsistent. After installing
this update, users should <command>REINDEX</> any GiST indexes on
<type>box</>, <type>polygon</>, <type>circle</>, or <type>point</>
columns, since all of these use <function>gist_box_same</>.
</para>
</listitem>
<listitem>
<para>
Fix erroneous range-union and penalty logic in GiST indexes that use
<filename>contrib/btree_gist</> for variable-width data types, that is
<type>text</>, <type>bytea</>, <type>bit</>, and <type>numeric</>
columns (Tom Lane)
</para>
<para>
These errors could result in inconsistent indexes in which some keys
that are present would not be found by searches, and also in useless
index bloat. Users are advised to <command>REINDEX</> such indexes
after installing this update.
</para>
</listitem>
<listitem>
<para>
Fix bugs in GiST page splitting code for multi-column indexes
(Tom Lane)
</para>
<para>
These errors could result in inconsistent indexes in which some keys
that are present would not be found by searches, and also in indexes
that are unnecessarily inefficient to search. Users are advised to
<command>REINDEX</> multi-column GiST indexes after installing this
update.
</para>
</listitem>
<listitem>
<para>
Fix <function>gist_point_consistent</>
to handle fuzziness consistently (Alexander Korotkov)
</para>
<para>
Index scans on GiST indexes on <type>point</> columns would sometimes
yield results different from a sequential scan, because
<function>gist_point_consistent</> disagreed with the underlying
operator code about whether to do comparisons exactly or fuzzily.
</para>
</listitem>
<listitem>
<para>
Fix buffer leak in WAL replay (Heikki Linnakangas)
</para>
<para>
This bug could result in <quote>incorrect local pin count</> errors
during replay, making recovery impossible.
</para>
</listitem>
<listitem>
<para>
Fix race condition in <command>DELETE RETURNING</> (Tom Lane)
</para>
<para>
Under the right circumstances, <command>DELETE RETURNING</> could
attempt to fetch data from a shared buffer that the current process
no longer has any pin on. If some other process changed the buffer
meanwhile, this would lead to garbage <literal>RETURNING</> output, or
even a crash.
</para>
</listitem>
<listitem>
<para>
Fix infinite-loop risk in regular expression compilation (Tom Lane,
Don Porter)
</para>
</listitem>
<listitem>
<para>
Fix potential null-pointer dereference in regular expression compilation
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>to_char()</> to use ASCII-only case-folding rules where
appropriate (Tom Lane)
</para>
<para>
This fixes misbehavior of some template patterns that should be
locale-independent, but mishandled <quote><literal>I</></quote> and
<quote><literal>i</></quote> in Turkish locales.
</para>
</listitem>
<listitem>
<para>
Fix unwanted rejection of timestamp <literal>1999-12-31 24:00:00</>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix logic error when a single transaction does <command>UNLISTEN</>
then <command>LISTEN</> (Tom Lane)
</para>
<para>
The session wound up not listening for notify events at all, though it
surely should listen in this case.
</para>
</listitem>
<listitem>
<para>
Remove useless <quote>picksplit doesn't support secondary split</> log
messages (Josh Hansen, Tom Lane)
</para>
<para>
This message seems to have been added in expectation of code that was
never written, and probably never will be, since GiST's default
handling of secondary splits is actually pretty good. So stop nagging
end users about it.
</para>
</listitem>
<listitem>
<para>
Fix possible failure to send a session's last few transaction
commit/abort counts to the statistics collector (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Eliminate memory leaks in PL/Perl's <function>spi_prepare()</> function
(Alex Hunsaker, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dumpall</> to handle database names containing
<quote><literal>=</></quote> correctly (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Avoid crash in <application>pg_dump</> when an incorrect connection
string is given (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Ignore invalid indexes in <application>pg_dump</> and
<application>pg_upgrade</> (Michael Paquier, Bruce Momjian)
</para>
<para>
Dumping invalid indexes can cause problems at restore time, for example
if the reason the index creation failed was because it tried to enforce
a uniqueness condition not satisfied by the table's data. Also, if the
index creation is in fact still in progress, it seems reasonable to
consider it to be an uncommitted DDL change, which
<application>pg_dump</> wouldn't be expected to dump anyway.
<application>pg_upgrade</> now also skips invalid indexes rather than
failing.
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/pg_trgm</>'s <function>similarity()</> function
to return zero for trigram-less strings (Tom Lane)
</para>
<para>
Previously it returned <literal>NaN</> due to internal division by zero.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2013b
for DST law changes in Chile, Haiti, Morocco, Paraguay, and some
Russian areas. Also, historical zone data corrections for numerous
places.
</para>
<para>
Also, update the time zone abbreviation files for recent changes in
Russia and elsewhere: <literal>CHOT</>, <literal>GET</>,
<literal>IRKT</>, <literal>KGT</>, <literal>KRAT</>, <literal>MAGT</>,
<literal>MAWT</>, <literal>MSK</>, <literal>NOVT</>, <literal>OMST</>,
<literal>TKT</>, <literal>VLAT</>, <literal>WST</>, <literal>YAKT</>,
<literal>YEKT</> now follow their current meanings, and
<literal>VOLT</> (Europe/Volgograd) and <literal>MIST</>
(Antarctica/Macquarie) are added to the default abbreviations list.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-12">
<title>Release 9.0.12</title>
<note>
<title>Release Date</title>
<simpara>2013-02-07</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.11.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.12</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.6,
see <xref linkend="release-9-0-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent execution of <function>enum_recv</> from SQL (Tom Lane)
</para>
<para>
The function was misdeclared, allowing a simple SQL command to crash the
server. In principle an attacker might be able to use it to examine the
contents of server memory. Our thanks to Sumit Soni (via Secunia SVCRP)
for reporting this issue. (CVE-2013-0255)
</para>
</listitem>
<listitem>
<para>
Fix multiple problems in detection of when a consistent database
state has been reached during WAL replay (Fujii Masao, Heikki
Linnakangas, Simon Riggs, Andres Freund)
</para>
</listitem>
<listitem>
<para>
Update minimum recovery point when truncating a relation file (Heikki
Linnakangas)
</para>
<para>
Once data has been discarded, it's no longer safe to stop recovery at
an earlier point in the timeline.
</para>
</listitem>
<listitem>
<para>
Fix missing cancellations in hot standby mode (Noah Misch, Simon Riggs)
</para>
<para>
The need to cancel conflicting hot-standby queries would sometimes be
missed, allowing those queries to see inconsistent data.
</para>
</listitem>
<listitem>
<para>
Fix SQL grammar to allow subscripting or field selection from a
sub-SELECT result (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix performance problems with autovacuum truncation in busy workloads
(Jan Wieck)
</para>
<para>
Truncation of empty pages at the end of a table requires exclusive
lock, but autovacuum was coded to fail (and release the table lock)
when there are conflicting lock requests. Under load, it is easily
possible that truncation would never occur, resulting in table bloat.
Fix by performing a partial truncation, releasing the lock, then
attempting to re-acquire the lock and continue. This fix also greatly
reduces the average time before autovacuum releases the lock after a
conflicting request arrives.
</para>
</listitem>
<listitem>
<para>
Protect against race conditions when scanning
<structname>pg_tablespace</> (Stephen Frost, Tom Lane)
</para>
<para>
<command>CREATE DATABASE</> and <command>DROP DATABASE</> could
misbehave if there were concurrent updates of
<structname>pg_tablespace</> entries.
</para>
</listitem>
<listitem>
<para>
Prevent <command>DROP OWNED</> from trying to drop whole databases or
tablespaces (&Aacute;lvaro Herrera)
</para>
<para>
For safety, ownership of these objects must be reassigned, not dropped.
</para>
</listitem>
<listitem>
<para>
Fix error in <link
linkend="guc-vacuum-freeze-table-age"><varname>vacuum_freeze_table_age</></link>
implementation (Andres Freund)
</para>
<para>
In installations that have existed for more than <link
linkend="guc-vacuum-freeze-min-age"><varname>vacuum_freeze_min_age</></link>
transactions, this mistake prevented autovacuum from using partial-table
scans, so that a full-table scan would always happen instead.
</para>
</listitem>
<listitem>
<para>
Prevent misbehavior when a <symbol>RowExpr</> or <symbol>XmlExpr</>
is parse-analyzed twice (Andres Freund, Tom Lane)
</para>
<para>
This mistake could be user-visible in contexts such as
<literal>CREATE TABLE LIKE INCLUDING INDEXES</>.
</para>
</listitem>
<listitem>
<para>
Improve defenses against integer overflow in hashtable sizing
calculations (Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Reject out-of-range dates in <function>to_date()</> (Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Ensure that non-ASCII prompt strings are translated to the correct
code page on Windows (Alexander Law, Noah Misch)
</para>
<para>
This bug affected <application>psql</> and some other client programs.
</para>
</listitem>
<listitem>
<para>
Fix possible crash in <application>psql</>'s <command>\?</> command
when not connected to a database (Meng Qingzhong)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</> to deal with invalid indexes safely
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Fix one-byte buffer overrun in <application>libpq</>'s
<function>PQprintTuples</> (Xi Wang)
</para>
<para>
This ancient function is not used anywhere by
<productname>PostgreSQL</> itself, but it might still be used by some
client code.
</para>
</listitem>
<listitem>
<para>
Make <application>ecpglib</> use translated messages properly
(Chen Huajun)
</para>
</listitem>
<listitem>
<para>
Properly install <application>ecpg_compat</> and
<application>pgtypes</> libraries on MSVC (Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Include our version of <function>isinf()</> in
<application>libecpg</> if it's not provided by the system
(Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Rearrange configure's tests for supplied functions so it is not
fooled by bogus exports from libedit/libreadline (Christoph Berg)
</para>
</listitem>
<listitem>
<para>
Ensure Windows build number increases over time (Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Make <application>pgxs</> build executables with the right
<literal>.exe</> suffix when cross-compiling for Windows
(Zoltan Boszormenyi)
</para>
</listitem>
<listitem>
<para>
Add new timezone abbreviation <literal>FET</> (Tom Lane)
</para>
<para>
This is now used in some eastern-European time zones.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-11">
<title>Release 9.0.11</title>
<note>
<title>Release Date</title>
<simpara>2012-12-06</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.10.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.11</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.6,
see <xref linkend="release-9-0-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix multiple bugs associated with <command>CREATE INDEX
CONCURRENTLY</> (Andres Freund, Tom Lane)
</para>
<para>
Fix <command>CREATE INDEX CONCURRENTLY</> to use
in-place updates when changing the state of an index's
<structname>pg_index</> row. This prevents race conditions that could
cause concurrent sessions to miss updating the target index, thus
resulting in corrupt concurrently-created indexes.
</para>
<para>
Also, fix various other operations to ensure that they ignore
invalid indexes resulting from a failed <command>CREATE INDEX
CONCURRENTLY</> command. The most important of these is
<command>VACUUM</>, because an auto-vacuum could easily be launched
on the table before corrective action can be taken to fix or remove
the invalid index.
</para>
</listitem>
<listitem>
<para>
Fix buffer locking during WAL replay (Tom Lane)
</para>
<para>
The WAL replay code was insufficiently careful about locking buffers
when replaying WAL records that affect more than one page. This could
result in hot standby queries transiently seeing inconsistent states,
resulting in wrong answers or unexpected failures.
</para>
</listitem>
<listitem>
<para>
Fix an error in WAL generation logic for GIN indexes (Tom Lane)
</para>
<para>
This could result in index corruption, if a torn-page failure occurred.
</para>
</listitem>
<listitem>
<para>
Properly remove startup process's virtual XID lock when promoting a
hot standby server to normal running (Simon Riggs)
</para>
<para>
This oversight could prevent subsequent execution of certain
operations such as <command>CREATE INDEX CONCURRENTLY</>.
</para>
</listitem>
<listitem>
<para>
Avoid bogus <quote>out-of-sequence timeline ID</> errors in standby
mode (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Prevent the postmaster from launching new child processes after it's
received a shutdown signal (Tom Lane)
</para>
<para>
This mistake could result in shutdown taking longer than it should, or
even never completing at all without additional user action.
</para>
</listitem>
<listitem>
<para>
Avoid corruption of internal hash tables when out of memory
(Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Fix planning of non-strict equivalence clauses above outer joins
(Tom Lane)
</para>
<para>
The planner could derive incorrect constraints from a clause equating
a non-strict construct to something else, for example
<literal>WHERE COALESCE(foo, 0) = 0</>
when <literal>foo</> is coming from the nullable side of an outer join.
</para>
</listitem>
<listitem>
<para>
Improve planner's ability to prove exclusion constraints from
equivalence classes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix partial-row matching in hashed subplans to handle cross-type cases
correctly (Tom Lane)
</para>
<para>
This affects multicolumn <literal>NOT IN</> subplans, such as
<literal>WHERE (a, b) NOT IN (SELECT x, y FROM ...)</>
when for instance <literal>b</> and <literal>y</> are <type>int4</>
and <type>int8</> respectively. This mistake led to wrong answers
or crashes depending on the specific datatypes involved.
</para>
</listitem>
<listitem>
<para>
Acquire buffer lock when re-fetching the old tuple for an
<literal>AFTER ROW UPDATE/DELETE</> trigger (Andres Freund)
</para>
<para>
In very unusual circumstances, this oversight could result in passing
incorrect data to the precheck logic for a foreign-key enforcement
trigger. That could result in a crash, or in an incorrect decision
about whether to fire the trigger.
</para>
</listitem>
<listitem>
<para>
Fix <command>ALTER COLUMN TYPE</> to handle inherited check
constraints properly (Pavan Deolasee)
</para>
<para>
This worked correctly in pre-8.4 releases, and now works correctly
in 8.4 and later.
</para>
</listitem>
<listitem>
<para>
Fix <command>REASSIGN OWNED</> to handle grants on tablespaces
(&Aacute;lvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Ignore incorrect <structname>pg_attribute</> entries for system
columns for views (Tom Lane)
</para>
<para>
Views do not have any system columns. However, we forgot to
remove such entries when converting a table to a view. That's fixed
properly for 9.3 and later, but in previous branches we need to defend
against existing mis-converted views.
</para>
</listitem>
<listitem>
<para>
Fix rule printing to dump <literal>INSERT INTO <replaceable>table</>
DEFAULT VALUES</literal> correctly (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Guard against stack overflow when there are too many
<literal>UNION</>/<literal>INTERSECT</>/<literal>EXCEPT</> clauses
in a query (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent platform-dependent failures when dividing the minimum possible
integer value by -1 (Xi Wang, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible access past end of string in date parsing
(Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Fix failure to advance XID epoch if XID wraparound happens during a
checkpoint and <varname>wal_level</> is <literal>hot_standby</>
(Tom Lane, Andres Freund)
</para>
<para>
While this mistake had no particular impact on
<productname>PostgreSQL</productname> itself, it was bad for
applications that rely on <function>txid_current()</> and related
functions: the TXID value would appear to go backwards.
</para>
</listitem>
<listitem>
<para>
Produce an understandable error message if the length of the path name
for a Unix-domain socket exceeds the platform-specific limit
(Tom Lane, Andrew Dunstan)
</para>
<para>
Formerly, this would result in something quite unhelpful, such as
<quote>Non-recoverable failure in name resolution</>.
</para>
</listitem>
<listitem>
<para>
Fix memory leaks when sending composite column values to the client
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <application>pg_ctl</> more robust about reading the
<filename>postmaster.pid</> file (Heikki Linnakangas)
</para>
<para>
Fix race conditions and possible file descriptor leakage.
</para>
</listitem>
<listitem>
<para>
Fix possible crash in <application>psql</> if incorrectly-encoded data
is presented and the <varname>client_encoding</> setting is a
client-only encoding, such as SJIS (Jiang Guiqing)
</para>
</listitem>
<listitem>
<para>
Fix bugs in the <filename>restore.sql</> script emitted by
<application>pg_dump</> in <literal>tar</> output format (Tom Lane)
</para>
<para>
The script would fail outright on tables whose names include
upper-case characters. Also, make the script capable of restoring
data in <option>--inserts</> mode as well as the regular COPY mode.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</> to accept POSIX-conformant
<literal>tar</> files (Brian Weaver, Tom Lane)
</para>
<para>
The original coding of <application>pg_dump</>'s <literal>tar</>
output mode produced files that are not fully conformant with the
POSIX standard. This has been corrected for version 9.3. This
patch updates previous branches so that they will accept both the
incorrect and the corrected formats, in hopes of avoiding
compatibility problems when 9.3 comes out.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_resetxlog</> to locate <filename>postmaster.pid</>
correctly when given a relative path to the data directory (Tom Lane)
</para>
<para>
This mistake could lead to <application>pg_resetxlog</> not noticing
that there is an active postmaster using the data directory.
</para>
</listitem>
<listitem>
<para>
Fix <application>libpq</>'s <function>lo_import()</> and
<function>lo_export()</> functions to report file I/O errors properly
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>'s processing of nested structure pointer
variables (Muhammad Usama)
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</>'s <function>ecpg_get_data</> function to
handle arrays properly (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Make <filename>contrib/pageinspect</>'s btree page inspection
functions take buffer locks while examining pages (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pgxs</> support for building loadable modules on AIX
(Tom Lane)
</para>
<para>
Building modules outside the original source tree didn't work on AIX.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2012j
for DST law changes in Cuba, Israel, Jordan, Libya, Palestine, Western
Samoa, and portions of Brazil.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-10">
<title>Release 9.0.10</title>
<note>
<title>Release Date</title>
<simpara>2012-09-24</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.9.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.10</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.6,
see <xref linkend="release-9-0-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix planner's assignment of executor parameters, and fix executor's
rescan logic for CTE plan nodes (Tom Lane)
</para>
<para>
These errors could result in wrong answers from queries that scan the
same <literal>WITH</> subquery multiple times.
</para>
</listitem>
<listitem>
<para>
Improve page-splitting decisions in GiST indexes (Alexander Korotkov,
Robert Haas, Tom Lane)
</para>
<para>
Multi-column GiST indexes might suffer unexpected bloat due to this
error.
</para>
</listitem>
<listitem>
<para>
Fix cascading privilege revoke to stop if privileges are still held
(Tom Lane)
</para>
<para>
If we revoke a grant option from some role <replaceable>X</>, but
<replaceable>X</> still holds that option via a grant from someone
else, we should not recursively revoke the corresponding privilege
from role(s) <replaceable>Y</> that <replaceable>X</> had granted it
to.
</para>
</listitem>
<listitem>
<para>
Improve error messages for Hot Standby misconfiguration errors
(Gurjeet Singh)
</para>
</listitem>
<listitem>
<para>
Fix handling of <literal>SIGFPE</> when PL/Perl is in use (Andres Freund)
</para>
<para>
Perl resets the process's <literal>SIGFPE</> handler to
<literal>SIG_IGN</>, which could result in crashes later on. Restore
the normal Postgres signal handler after initializing PL/Perl.
</para>
</listitem>
<listitem>
<para>
Prevent PL/Perl from crashing if a recursive PL/Perl function is
redefined while being executed (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Work around possible misoptimization in PL/Perl (Tom Lane)
</para>
<para>
Some Linux distributions contain an incorrect version of
<filename>pthread.h</> that results in incorrect compiled code in
PL/Perl, leading to crashes if a PL/Perl function calls another one
that throws an error.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</>'s handling of line endings on Windows
(Andrew Dunstan)
</para>
<para>
Previously, <application>pg_upgrade</> might add or remove carriage
returns in places such as function bodies.
</para>
</listitem>
<listitem>
<para>
On Windows, make <application>pg_upgrade</> use backslash path
separators in the scripts it emits (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2012f
for DST law changes in Fiji
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-9">
<title>Release 9.0.9</title>
<note>
<title>Release Date</title>
<simpara>2012-08-17</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.8.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.9</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.6,
see <xref linkend="release-9-0-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Prevent access to external files/URLs via XML entity references
(Noah Misch, Tom Lane)
</para>
<para>
<function>xml_parse()</> would attempt to fetch external files or
URLs as needed to resolve DTD and entity references in an XML value,
thus allowing unprivileged database users to attempt to fetch data
with the privileges of the database server. While the external data
wouldn't get returned directly to the user, portions of it could be
exposed in error messages if the data didn't parse as valid XML; and
in any case the mere ability to check existence of a file might be
useful to an attacker. (CVE-2012-3489)
</para>
</listitem>
<listitem>
<para>
Prevent access to external files/URLs via <filename>contrib/xml2</>'s
<function>xslt_process()</> (Peter Eisentraut)
</para>
<para>
<application>libxslt</> offers the ability to read and write both
files and URLs through stylesheet commands, thus allowing
unprivileged database users to both read and write data with the
privileges of the database server. Disable that through proper use
of <application>libxslt</>'s security options. (CVE-2012-3488)
</para>
<para>
Also, remove <function>xslt_process()</>'s ability to fetch documents
and stylesheets from external files/URLs. While this was a
documented <quote>feature</>, it was long regarded as a bad idea.
The fix for CVE-2012-3489 broke that capability, and rather than
expend effort on trying to fix it, we're just going to summarily
remove it.
</para>
</listitem>
<listitem>
<para>
Prevent too-early recycling of btree index pages (Noah Misch)
</para>
<para>
When we allowed read-only transactions to skip assigning XIDs, we
introduced the possibility that a deleted btree page could be
recycled while a read-only transaction was still in flight to it.
This would result in incorrect index search results. The probability
of such an error occurring in the field seems very low because of the
timing requirements, but nonetheless it should be fixed.
</para>
</listitem>
<listitem>
<para>
Fix crash-safety bug with newly-created-or-reset sequences (Tom Lane)
</para>
<para>
If <command>ALTER SEQUENCE</> was executed on a freshly created or
reset sequence, and then precisely one <function>nextval()</> call
was made on it, and then the server crashed, WAL replay would restore
the sequence to a state in which it appeared that no
<function>nextval()</> had been done, thus allowing the first
sequence value to be returned again by the next
<function>nextval()</> call. In particular this could manifest for
<type>serial</> columns, since creation of a serial column's sequence
includes an <command>ALTER SEQUENCE OWNED BY</> step.
</para>
</listitem>
<listitem>
<para>
Fix <function>txid_current()</> to report the correct epoch when not
in hot standby (Heikki Linnakangas)
</para>
<para>
This fixes a regression introduced in the previous minor release.
</para>
</listitem>
<listitem>
<para>
Fix bug in startup of Hot Standby when a master transaction has many
subtransactions (Andres Freund)
</para>
<para>
This mistake led to failures reported as <quote>out-of-order XID
insertion in KnownAssignedXids</>.
</para>
</listitem>
<listitem>
<para>
Ensure the <filename>backup_label</> file is fsync'd after
<function>pg_start_backup()</> (Dave Kerr)
</para>
</listitem>
<listitem>
<para>
Fix timeout handling in walsender processes (Tom Lane)
</para>
<para>
WAL sender background processes neglected to establish a
<systemitem>SIGALRM</> handler, meaning they would wait forever in
some corner cases where a timeout ought to happen.
</para>
</listitem>
<listitem>
<para>
Back-patch 9.1 improvement to compress the fsync request queue
(Robert Haas)
</para>
<para>
This improves performance during checkpoints. The 9.1 change
has now seen enough field testing to seem safe to back-patch.
</para>
</listitem>
<listitem>
<para>
Fix <literal>LISTEN</>/<literal>NOTIFY</> to cope better with I/O
problems, such as out of disk space (Tom Lane)
</para>
<para>
After a write failure, all subsequent attempts to send more
<literal>NOTIFY</> messages would fail with messages like
<quote>Could not read from file "pg_notify/<replaceable>nnnn</>" at
offset <replaceable>nnnnn</>: Success</quote>.
</para>
</listitem>
<listitem>
<para>
Only allow autovacuum to be auto-canceled by a directly blocked
process (Tom Lane)
</para>
<para>
The original coding could allow inconsistent behavior in some cases;
in particular, an autovacuum could get canceled after less than
<literal>deadlock_timeout</> grace period.
</para>
</listitem>
<listitem>
<para>
Improve logging of autovacuum cancels (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Fix log collector so that <literal>log_truncate_on_rotation</> works
during the very first log rotation after server start (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <literal>WITH</> attached to a nested set operation
(<literal>UNION</>/<literal>INTERSECT</>/<literal>EXCEPT</>)
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure that a whole-row reference to a subquery doesn't include any
extra <literal>GROUP BY</> or <literal>ORDER BY</> columns (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Disallow copying whole-row references in <literal>CHECK</>
constraints and index definitions during <command>CREATE TABLE</>
(Tom Lane)
</para>
<para>
This situation can arise in <command>CREATE TABLE</> with
<literal>LIKE</> or <literal>INHERITS</>. The copied whole-row
variable was incorrectly labeled with the row type of the original
table not the new one. Rejecting the case seems reasonable for
<literal>LIKE</>, since the row types might well diverge later. For
<literal>INHERITS</> we should ideally allow it, with an implicit
coercion to the parent table's row type; but that will require more
work than seems safe to back-patch.
</para>
</listitem>
<listitem>
<para>
Fix memory leak in <literal>ARRAY(SELECT ...)</> subqueries (Heikki
Linnakangas, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix extraction of common prefixes from regular expressions (Tom Lane)
</para>
<para>
The code could get confused by quantified parenthesized
subexpressions, such as <literal>^(foo)?bar</>. This would lead to
incorrect index optimization of searches for such patterns.
</para>
</listitem>
<listitem>
<para>
Fix bugs with parsing signed
<replaceable>hh</><literal>:</><replaceable>mm</> and
<replaceable>hh</><literal>:</><replaceable>mm</><literal>:</><replaceable>ss</>
fields in <type>interval</> constants (Amit Kapila, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Use Postgres' encoding conversion functions, not Python's, when
converting a Python Unicode string to the server encoding in
PL/Python (Jan Urbanski)
</para>
<para>
This avoids some corner-case problems, notably that Python doesn't
support all the encodings Postgres does. A notable functional change
is that if the server encoding is SQL_ASCII, you will get the UTF-8
representation of the string; formerly, any non-ASCII characters in
the string would result in an error.
</para>
</listitem>
<listitem>
<para>
Fix mapping of PostgreSQL encodings to Python encodings in PL/Python
(Jan Urbanski)
</para>
</listitem>
<listitem>
<para>
Report errors properly in <filename>contrib/xml2</>'s
<function>xslt_process()</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2012e
for DST law changes in Morocco and Tokelau
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-8">
<title>Release 9.0.8</title>
<note>
<title>Release Date</title>
<simpara>2012-06-04</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.7.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.8</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.6,
see <xref linkend="release-9-0-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix incorrect password transformation in
<filename>contrib/pgcrypto</>'s DES <function>crypt()</> function
(Solar Designer)
</para>
<para>
If a password string contained the byte value <literal>0x80</>, the
remainder of the password was ignored, causing the password to be much
weaker than it appeared. With this fix, the rest of the string is
properly included in the DES hash. Any stored password values that are
affected by this bug will thus no longer match, so the stored values may
need to be updated. (CVE-2012-2143)
</para>
</listitem>
<listitem>
<para>
Ignore <literal>SECURITY DEFINER</> and <literal>SET</> attributes for
a procedural language's call handler (Tom Lane)
</para>
<para>
Applying such attributes to a call handler could crash the server.
(CVE-2012-2655)
</para>
</listitem>
<listitem>
<para>
Allow numeric timezone offsets in <type>timestamp</> input to be up to
16 hours away from UTC (Tom Lane)
</para>
<para>
Some historical time zones have offsets larger than 15 hours, the
previous limit. This could result in dumped data values being rejected
during reload.
</para>
</listitem>
<listitem>
<para>
Fix timestamp conversion to cope when the given time is exactly the
last DST transition time for the current timezone (Tom Lane)
</para>
<para>
This oversight has been there a long time, but was not noticed
previously because most DST-using zones are presumed to have an
indefinite sequence of future DST transitions.
</para>
</listitem>
<listitem>
<para>
Fix <type>text</> to <type>name</> and <type>char</> to <type>name</>
casts to perform string truncation correctly in multibyte encodings
(Karl Schnaitter)
</para>
</listitem>
<listitem>
<para>
Fix memory copying bug in <function>to_tsquery()</> (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Ensure <function>txid_current()</> reports the correct epoch when
executed in hot standby (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Fix planner's handling of outer PlaceHolderVars within subqueries (Tom
Lane)
</para>
<para>
This bug concerns sub-SELECTs that reference variables coming from the
nullable side of an outer join of the surrounding query.
In 9.1, queries affected by this bug would fail with <quote>ERROR:
Upper-level PlaceHolderVar found where not expected</>. But in 9.0 and
8.4, you'd silently get possibly-wrong answers, since the value
transmitted into the subquery wouldn't go to null when it should.
</para>
</listitem>
<listitem>
<para>
Fix slow session startup when <structname>pg_attribute</> is very large
(Tom Lane)
</para>
<para>
If <structname>pg_attribute</> exceeds one-fourth of
<varname>shared_buffers</>, cache rebuilding code that is sometimes
needed during session start would trigger the synchronized-scan logic,
causing it to take many times longer than normal. The problem was
particularly acute if many new sessions were starting at once.
</para>
</listitem>
<listitem>
<para>
Ensure sequential scans check for query cancel reasonably often (Merlin
Moncure)
</para>
<para>
A scan encountering many consecutive pages that contain no live tuples
would not respond to interrupts meanwhile.
</para>
</listitem>
<listitem>
<para>
Ensure the Windows implementation of <function>PGSemaphoreLock()</>
clears <varname>ImmediateInterruptOK</> before returning (Tom Lane)
</para>
<para>
This oversight meant that a query-cancel interrupt received later
in the same query could be accepted at an unsafe time, with
unpredictable but not good consequences.
</para>
</listitem>
<listitem>
<para>
Show whole-row variables safely when printing views or rules
(Abbas Butt, Tom Lane)
</para>
<para>
Corner cases involving ambiguous names (that is, the name could be
either a table or column name of the query) were printed in an
ambiguous way, risking that the view or rule would be interpreted
differently after dump and reload. Avoid the ambiguous case by
attaching a no-op cast.
</para>
</listitem>
<listitem>
<para>
Fix <command>COPY FROM</> to properly handle null marker strings that
correspond to invalid encoding (Tom Lane)
</para>
<para>
A null marker string such as <literal>E'\\0'</> should work, and did
work in the past, but the case got broken in 8.4.
</para>
</listitem>
<listitem>
<para>
Ensure autovacuum worker processes perform stack depth checking
properly (Heikki Linnakangas)
</para>
<para>
Previously, infinite recursion in a function invoked by
auto-<command>ANALYZE</> could crash worker processes.
</para>
</listitem>
<listitem>
<para>
Fix logging collector to not lose log coherency under high load (Andrew
Dunstan)
</para>
<para>
The collector previously could fail to reassemble large messages if it
got too busy.
</para>
</listitem>
<listitem>
<para>
Fix logging collector to ensure it will restart file rotation
after receiving <systemitem>SIGHUP</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix WAL replay logic for GIN indexes to not fail if the index was
subsequently dropped (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix memory leak in PL/pgSQL's <command>RETURN NEXT</> command (Joe
Conway)
</para>
</listitem>
<listitem>
<para>
Fix PL/pgSQL's <command>GET DIAGNOSTICS</> command when the target
is the function's first variable (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix potential access off the end of memory in <application>psql</>'s
expanded display (<command>\x</>) mode (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Fix several performance problems in <application>pg_dump</> when
the database contains many objects (Jeff Janes, Tom Lane)
</para>
<para>
<application>pg_dump</> could get very slow if the database contained
many schemas, or if many objects are in dependency loops, or if there
are many owned sequences.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</> for the case that a database stored in a
non-default tablespace contains a table in the cluster's default
tablespace (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>ecpg</>, fix rare memory leaks and possible overwrite
of one byte after the <structname>sqlca_t</> structure (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/dblink</>'s <function>dblink_exec()</> to not leak
temporary database connections upon error (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/dblink</> to report the correct connection name in
error messages (Kyotaro Horiguchi)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/vacuumlo</> to use multiple transactions when
dropping many large objects (Tim Lewis, Robert Haas, Tom Lane)
</para>
<para>
This change avoids exceeding <varname>max_locks_per_transaction</> when
many objects need to be dropped. The behavior can be adjusted with the
new <literal>-l</> (limit) option.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2012c
for DST law changes in Antarctica, Armenia, Chile, Cuba, Falkland
Islands, Gaza, Haiti, Hebron, Morocco, Syria, and Tokelau Islands;
also historical corrections for Canada.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-7">
<title>Release 9.0.7</title>
<note>
<title>Release Date</title>
<simpara>2012-02-27</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.6.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.7</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.6,
see <xref linkend="release-9-0-6">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Require execute permission on the trigger function for
<command>CREATE TRIGGER</> (Robert Haas)
</para>
<para>
This missing check could allow another user to execute a trigger
function with forged input data, by installing it on a table he owns.
This is only of significance for trigger functions marked
<literal>SECURITY DEFINER</>, since otherwise trigger functions run
as the table owner anyway. (CVE-2012-0866)
</para>
</listitem>
<listitem>
<para>
Remove arbitrary limitation on length of common name in SSL
certificates (Heikki Linnakangas)
</para>
<para>
Both <application>libpq</> and the server truncated the common name
extracted from an SSL certificate at 32 bytes. Normally this would
cause nothing worse than an unexpected verification failure, but there
are some rather-implausible scenarios in which it might allow one
certificate holder to impersonate another. The victim would have to
have a common name exactly 32 bytes long, and the attacker would have
to persuade a trusted CA to issue a certificate in which the common
name has that string as a prefix. Impersonating a server would also
require some additional exploit to redirect client connections.
(CVE-2012-0867)
</para>
</listitem>
<listitem>
<para>
Convert newlines to spaces in names written in <application>pg_dump</>
comments (Robert Haas)
</para>
<para>
<application>pg_dump</> was incautious about sanitizing object names
that are emitted within SQL comments in its output script. A name
containing a newline would at least render the script syntactically
incorrect. Maliciously crafted object names could present a SQL
injection risk when the script is reloaded. (CVE-2012-0868)
</para>
</listitem>
<listitem>
<para>
Fix btree index corruption from insertions concurrent with vacuuming
(Tom Lane)
</para>
<para>
An index page split caused by an insertion could sometimes cause a
concurrently-running <command>VACUUM</> to miss removing index entries
that it should remove. After the corresponding table rows are removed,
the dangling index entries would cause errors (such as <quote>could not
read block N in file ...</>) or worse, silently wrong query results
after unrelated rows are re-inserted at the now-free table locations.
This bug has been present since release 8.2, but occurs so infrequently
that it was not diagnosed until now. If you have reason to suspect
that it has happened in your database, reindexing the affected index
will fix things.
</para>
</listitem>
<listitem>
<para>
Fix transient zeroing of shared buffers during WAL replay (Tom Lane)
</para>
<para>
The replay logic would sometimes zero and refill a shared buffer, so
that the contents were transiently invalid. In hot standby mode this
can result in a query that's executing in parallel seeing garbage data.
Various symptoms could result from that, but the most common one seems
to be <quote>invalid memory alloc request size</>.
</para>
</listitem>
<listitem>
<para>
Fix postmaster to attempt restart after a hot-standby crash (Tom Lane)
</para>
<para>
A logic error caused the postmaster to terminate, rather than attempt
to restart the cluster, if any backend process crashed while operating
in hot standby mode.
</para>
</listitem>
<listitem>
<para>
Fix <command>CLUSTER</>/<command>VACUUM FULL</> handling of toast
values owned by recently-updated rows (Tom Lane)
</para>
<para>
This oversight could lead to <quote>duplicate key value violates unique
constraint</> errors being reported against the toast table's index
during one of these commands.
</para>
</listitem>
<listitem>
<para>
Update per-column permissions, not only per-table permissions, when
changing table owner (Tom Lane)
</para>
<para>
Failure to do this meant that any previously granted column permissions
were still shown as having been granted by the old owner. This meant
that neither the new owner nor a superuser could revoke the
now-untraceable-to-table-owner permissions.
</para>
</listitem>
<listitem>
<para>
Support foreign data wrappers and foreign servers in
<command>REASSIGN OWNED</> (Alvaro Herrera)
</para>
<para>
This command failed with <quote>unexpected classid</> errors if
it needed to change the ownership of any such objects.
</para>
</listitem>
<listitem>
<para>
Allow non-existent values for some settings in <command>ALTER
USER/DATABASE SET</> (Heikki Linnakangas)
</para>
<para>
Allow <varname>default_text_search_config</>,
<varname>default_tablespace</>, and <varname>temp_tablespaces</> to be
set to names that are not known. This is because they might be known
in another database where the setting is intended to be used, or for the
tablespace cases because the tablespace might not be created yet. The
same issue was previously recognized for <varname>search_path</>, and
these settings now act like that one.
</para>
</listitem>
<listitem>
<para>
Avoid crashing when we have problems deleting table files post-commit
(Tom Lane)
</para>
<para>
Dropping a table should lead to deleting the underlying disk files only
after the transaction commits. In event of failure then (for instance,
because of wrong file permissions) the code is supposed to just emit a
warning message and go on, since it's too late to abort the
transaction. This logic got broken as of release 8.4, causing such
situations to result in a PANIC and an unrestartable database.
</para>
</listitem>
<listitem>
<para>
Recover from errors occurring during WAL replay of <command>DROP
TABLESPACE</> (Tom Lane)
</para>
<para>
Replay will attempt to remove the tablespace's directories, but there
are various reasons why this might fail (for example, incorrect
ownership or permissions on those directories). Formerly the replay
code would panic, rendering the database unrestartable without manual
intervention. It seems better to log the problem and continue, since
the only consequence of failure to remove the directories is some
wasted disk space.
</para>
</listitem>
<listitem>
<para>
Fix race condition in logging AccessExclusiveLocks for hot standby
(Simon Riggs)
</para>
<para>
Sometimes a lock would be logged as being held by <quote>transaction
zero</>. This is at least known to produce assertion failures on
slave servers, and might be the cause of more serious problems.
</para>
</listitem>
<listitem>
<para>
Track the OID counter correctly during WAL replay, even when it wraps
around (Tom Lane)
</para>
<para>
Previously the OID counter would remain stuck at a high value until the
system exited replay mode. The practical consequences of that are
usually nil, but there are scenarios wherein a standby server that's
been promoted to master might take a long time to advance the OID
counter to a reasonable value once values are needed.
</para>
</listitem>
<listitem>
<para>
Prevent emitting misleading <quote>consistent recovery state reached</>
log message at the beginning of crash recovery (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix initial value of
<structname>pg_stat_replication</>.<structfield>replay_location</>
(Fujii Masao)
</para>
<para>
Previously, the value shown would be wrong until at least one WAL
record had been replayed.
</para>
</listitem>
<listitem>
<para>
Fix regular expression back-references with <literal>*</> attached
(Tom Lane)
</para>
<para>
Rather than enforcing an exact string match, the code would effectively
accept any string that satisfies the pattern sub-expression referenced
by the back-reference symbol.
</para>
<para>
A similar problem still afflicts back-references that are embedded in a
larger quantified expression, rather than being the immediate subject
of the quantifier. This will be addressed in a future
<productname>PostgreSQL</> release.
</para>
</listitem>
<listitem>
<para>
Fix recently-introduced memory leak in processing of
<type>inet</>/<type>cidr</> values (Heikki Linnakangas)
</para>
<para>
A patch in the December 2011 releases of <productname>PostgreSQL</>
caused memory leakage in these operations, which could be significant
in scenarios such as building a btree index on such a column.
</para>
</listitem>
<listitem>
<para>
Fix dangling pointer after <command>CREATE TABLE AS</>/<command>SELECT
INTO</> in a SQL-language function (Tom Lane)
</para>
<para>
In most cases this only led to an assertion failure in assert-enabled
builds, but worse consequences seem possible.
</para>
</listitem>
<listitem>
<para>
Avoid double close of file handle in syslogger on Windows (MauMau)
</para>
<para>
Ordinarily this error was invisible, but it would cause an exception
when running on a debug version of Windows.
</para>
</listitem>
<listitem>
<para>
Fix I/O-conversion-related memory leaks in plpgsql
(Andres Freund, Jan Urbanski, Tom Lane)
</para>
<para>
Certain operations would leak memory until the end of the current
function.
</para>
</listitem>
<listitem>
<para>
Improve <application>pg_dump</>'s handling of inherited table columns
(Tom Lane)
</para>
<para>
<application>pg_dump</> mishandled situations where a child column has
a different default expression than its parent column. If the default
is textually identical to the parent's default, but not actually the
same (for instance, because of schema search path differences) it would
not be recognized as different, so that after dump and restore the
child would be allowed to inherit the parent's default. Child columns
that are <literal>NOT NULL</> where their parent is not could also be
restored subtly incorrectly.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</>'s direct-to-database mode for
INSERT-style table data (Tom Lane)
</para>
<para>
Direct-to-database restores from archive files made with
<option>--inserts</> or <option>--column-inserts</> options fail when
using <application>pg_restore</> from a release dated September or
December 2011, as a result of an oversight in a fix for another
problem. The archive file itself is not at fault, and text-mode
output is okay.
</para>
</listitem>
<listitem>
<para>
Allow <application>pg_upgrade</> to process tables containing
<type>regclass</> columns (Bruce Momjian)
</para>
<para>
Since <application>pg_upgrade</> now takes care to preserve
<structname>pg_class</> OIDs, there was no longer any reason for this
restriction.
</para>
</listitem>
<listitem>
<para>
Make <application>libpq</> ignore <literal>ENOTDIR</> errors
when looking for an SSL client certificate file
(Magnus Hagander)
</para>
<para>
This allows SSL connections to be established, though without a
certificate, even when the user's home directory is set to something
like <literal>/dev/null</>.
</para>
</listitem>
<listitem>
<para>
Fix some more field alignment issues in <application>ecpg</>'s SQLDA area
(Zoltan Boszormenyi)
</para>
</listitem>
<listitem>
<para>
Allow <literal>AT</> option in <application>ecpg</>
<literal>DEALLOCATE</> statements (Michael Meskes)
</para>
<para>
The infrastructure to support this has been there for awhile, but
through an oversight there was still an error check rejecting the case.
</para>
</listitem>
<listitem>
<para>
Do not use the variable name when defining a varchar structure in ecpg
(Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix <filename>contrib/auto_explain</>'s JSON output mode to produce
valid JSON (Andrew Dunstan)
</para>
<para>
The output used brackets at the top level, when it should have used
braces.
</para>
</listitem>
<listitem>
<para>
Fix error in <filename>contrib/intarray</>'s <literal>int[] &amp;
int[]</> operator (Guillaume Lelarge)
</para>
<para>
If the smallest integer the two input arrays have in common is 1,
and there are smaller values in either array, then 1 would be
incorrectly omitted from the result.
</para>
</listitem>
<listitem>
<para>
Fix error detection in <filename>contrib/pgcrypto</>'s
<function>encrypt_iv()</> and <function>decrypt_iv()</>
(Marko Kreen)
</para>
<para>
These functions failed to report certain types of invalid-input errors,
and would instead return random garbage values for incorrect input.
</para>
</listitem>
<listitem>
<para>
Fix one-byte buffer overrun in <filename>contrib/test_parser</>
(Paul Guyot)
</para>
<para>
The code would try to read one more byte than it should, which would
crash in corner cases.
Since <filename>contrib/test_parser</> is only example code, this is
not a security issue in itself, but bad example code is still bad.
</para>
</listitem>
<listitem>
<para>
Use <function>__sync_lock_test_and_set()</> for spinlocks on ARM, if
available (Martin Pitt)
</para>
<para>
This function replaces our previous use of the <literal>SWPB</>
instruction, which is deprecated and not available on ARMv6 and later.
Reports suggest that the old code doesn't fail in an obvious way on
recent ARM boards, but simply doesn't interlock concurrent accesses,
leading to bizarre failures in multiprocess operation.
</para>
</listitem>
<listitem>
<para>
Use <option>-fexcess-precision=standard</> option when building with
gcc versions that accept it (Andrew Dunstan)
</para>
<para>
This prevents assorted scenarios wherein recent versions of gcc will
produce creative results.
</para>
</listitem>
<listitem>
<para>
Allow use of threaded Python on FreeBSD (Chris Rees)
</para>
<para>
Our configure script previously believed that this combination wouldn't
work; but FreeBSD fixed the problem, so remove that error check.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-6">
<title>Release 9.0.6</title>
<note>
<title>Release Date</title>
<simpara>2011-12-05</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.5.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.6</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, a longstanding error was discovered in the definition of the
<literal>information_schema.referential_constraints</> view. If you
rely on correct results from that view, you should replace its
definition as explained in the first changelog item below.
</para>
<para>
Also, if you are upgrading from a version earlier than 9.0.4,
see <xref linkend="release-9-0-4">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix bugs in <literal>information_schema.referential_constraints</> view
(Tom Lane)
</para>
<para>
This view was being insufficiently careful about matching the
foreign-key constraint to the depended-on primary or unique key
constraint. That could result in failure to show a foreign key
constraint at all, or showing it multiple times, or claiming that it
depends on a different constraint than the one it really does.
</para>
<para>
Since the view definition is installed by <application>initdb</>,
merely upgrading will not fix the problem. If you need to fix this
in an existing installation, you can (as a superuser) drop the
<literal>information_schema</> schema then re-create it by sourcing
<filename><replaceable>SHAREDIR</>/information_schema.sql</filename>.
(Run <literal>pg_config --sharedir</> if you're uncertain where
<replaceable>SHAREDIR</> is.) This must be repeated in each database
to be fixed.
</para>
</listitem>
<listitem>
<para>
Fix possible crash during <command>UPDATE</> or <command>DELETE</> that
joins to the output of a scalar-returning function (Tom Lane)
</para>
<para>
A crash could only occur if the target row had been concurrently
updated, so this problem surfaced only intermittently.
</para>
</listitem>
<listitem>
<para>
Fix incorrect replay of WAL records for GIN index updates
(Tom Lane)
</para>
<para>
This could result in transiently failing to find index entries after
a crash, or on a hot-standby server. The problem would be repaired
by the next <command>VACUUM</> of the index, however.
</para>
</listitem>
<listitem>
<para>
Fix TOAST-related data corruption during <literal>CREATE TABLE dest AS
SELECT * FROM src</> or <literal>INSERT INTO dest SELECT * FROM src</>
(Tom Lane)
</para>
<para>
If a table has been modified by <command>ALTER TABLE ADD COLUMN</>,
attempts to copy its data verbatim to another table could produce
corrupt results in certain corner cases.
The problem can only manifest in this precise form in 8.4 and later,
but we patched earlier versions as well in case there are other code
paths that could trigger the same bug.
</para>
</listitem>
<listitem>
<para>
Fix possible failures during hot standby startup (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Start hot standby faster when initial snapshot is incomplete
(Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Fix race condition during toast table access from stale syscache entries
(Tom Lane)
</para>
<para>
The typical symptom was transient errors like <quote>missing chunk
number 0 for toast value NNNNN in pg_toast_2619</>, where the cited
toast table would always belong to a system catalog.
</para>
</listitem>
<listitem>
<para>
Track dependencies of functions on items used in parameter default
expressions (Tom Lane)
</para>
<para>
Previously, a referenced object could be dropped without having dropped
or modified the function, leading to misbehavior when the function was
used. Note that merely installing this update will not fix the missing
dependency entries; to do that, you'd need to <command>CREATE OR
REPLACE</> each such function afterwards. If you have functions whose
defaults depend on non-built-in objects, doing so is recommended.
</para>
</listitem>
<listitem>
<para>
Allow inlining of set-returning SQL functions with multiple OUT
parameters (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Don't trust deferred-unique indexes for join removal (Tom Lane and Marti
Raudsepp)
</para>
<para>
A deferred uniqueness constraint might not hold intra-transaction,
so assuming that it does could give incorrect query results.
</para>
</listitem>
<listitem>
<para>
Make <function>DatumGetInetP()</> unpack inet datums that have a 1-byte
header, and add a new macro, <function>DatumGetInetPP()</>, that does
not (Heikki Linnakangas)
</para>
<para>
This change affects no core code, but might prevent crashes in add-on
code that expects <function>DatumGetInetP()</> to produce an unpacked
datum as per usual convention.
</para>
</listitem>
<listitem>
<para>
Improve locale support in <type>money</> type's input and output
(Tom Lane)
</para>
<para>
Aside from not supporting all standard
<link linkend="guc-lc-monetary"><varname>lc_monetary</></link>
formatting options, the input and output functions were inconsistent,
meaning there were locales in which dumped <type>money</> values could
not be re-read.
</para>
</listitem>
<listitem>
<para>
Don't let <link
linkend="guc-transform-null-equals"><varname>transform_null_equals</></link>
affect <literal>CASE foo WHEN NULL ...</> constructs
(Heikki Linnakangas)
</para>
<para>
<varname>transform_null_equals</> is only supposed to affect
<literal>foo = NULL</> expressions written directly by the user, not
equality checks generated internally by this form of <literal>CASE</>.
</para>
</listitem>
<listitem>
<para>
Change foreign-key trigger creation order to better support
self-referential foreign keys (Tom Lane)
</para>
<para>
For a cascading foreign key that references its own table, a row update
will fire both the <literal>ON UPDATE</> trigger and the
<literal>CHECK</> trigger as one event. The <literal>ON UPDATE</>
trigger must execute first, else the <literal>CHECK</> will check a
non-final state of the row and possibly throw an inappropriate error.
However, the firing order of these triggers is determined by their
names, which generally sort in creation order since the triggers have
auto-generated names following the convention
<quote>RI_ConstraintTrigger_NNNN</>. A proper fix would require
modifying that convention, which we will do in 9.2, but it seems risky
to change it in existing releases. So this patch just changes the
creation order of the triggers. Users encountering this type of error
should drop and re-create the foreign key constraint to get its
triggers into the right order.
</para>
</listitem>
<listitem>
<para>
Avoid floating-point underflow while tracking buffer allocation rate
(Greg Matthews)
</para>
<para>
While harmless in itself, on certain platforms this would result in
annoying kernel log messages.
</para>
</listitem>
<listitem>
<para>
Preserve configuration file name and line number values when starting
child processes under Windows (Tom Lane)
</para>
<para>
Formerly, these would not be displayed correctly in the
<structname>pg_settings</> view.
</para>
</listitem>
<listitem>
<para>
Fix incorrect field alignment in <application>ecpg</>'s SQLDA area
(Zoltan Boszormenyi)
</para>
</listitem>
<listitem>
<para>
Preserve blank lines within commands in <application>psql</>'s command
history (Robert Haas)
</para>
<para>
The former behavior could cause problems if an empty line was removed
from within a string literal, for example.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to dump user-defined casts between
auto-generated types, such as table rowtypes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Assorted fixes for <application>pg_upgrade</> (Bruce Momjian)
</para>
<para>
Handle exclusion constraints correctly, avoid failures on Windows,
don't complain about mismatched toast table names in 8.4 databases.
</para>
</listitem>
<listitem>
<para>
Use the preferred version of <application>xsubpp</> to build PL/Perl,
not necessarily the operating system's main copy
(David Wheeler and Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Fix incorrect coding in <filename>contrib/dict_int</> and
<filename>contrib/dict_xsyn</> (Tom Lane)
</para>
<para>
Some functions incorrectly assumed that memory returned by
<function>palloc()</> is guaranteed zeroed.
</para>
</listitem>
<listitem>
<para>
Fix assorted errors in <filename>contrib/unaccent</>'s configuration
file parsing (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Honor query cancel interrupts promptly in <function>pgstatindex()</>
(Robert Haas)
</para>
</listitem>
<listitem>
<para>
Fix incorrect quoting of log file name in macOS start script
(Sidar Lopez)
</para>
</listitem>
<listitem>
<para>
Ensure VPATH builds properly install all server header files
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Shorten file names reported in verbose error messages (Peter Eisentraut)
</para>
<para>
Regular builds have always reported just the name of the C file
containing the error message call, but VPATH builds formerly
reported an absolute path name.
</para>
</listitem>
<listitem>
<para>
Fix interpretation of Windows timezone names for Central America
(Tom Lane)
</para>
<para>
Map <quote>Central America Standard Time</> to <literal>CST6</>, not
<literal>CST6CDT</>, because DST is generally not observed anywhere in
Central America.
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2011n
for DST law changes in Brazil, Cuba, Fiji, Palestine, Russia, and Samoa;
also historical corrections for Alaska and British East Africa.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-5">
<title>Release 9.0.5</title>
<note>
<title>Release Date</title>
<simpara>2011-09-26</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.4.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.5</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if you are upgrading from a version earlier than 9.0.4,
see <xref linkend="release-9-0-4">.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix catalog cache invalidation after a <command>VACUUM FULL</> or
<command>CLUSTER</> on a system catalog (Tom Lane)
</para>
<para>
In some cases the relocation of a system catalog row to another place
would not be recognized by concurrent server processes, allowing catalog
corruption to occur if they then tried to update that row. The
worst-case outcome could be as bad as complete loss of a table.
</para>
</listitem>
<listitem>
<para>
Fix incorrect order of operations during sinval reset processing,
and ensure that TOAST OIDs are preserved in system catalogs (Tom
Lane)
</para>
<para>
These mistakes could lead to transient failures after a <command>VACUUM
FULL</> or <command>CLUSTER</> on a system catalog.
</para>
</listitem>
<listitem>
<para>
Fix bugs in indexing of in-doubt HOT-updated tuples (Tom Lane)
</para>
<para>
These bugs could result in index corruption after reindexing a system
catalog. They are not believed to affect user indexes.
</para>
</listitem>
<listitem>
<para>
Fix multiple bugs in GiST index page split processing (Heikki
Linnakangas)
</para>
<para>
The probability of occurrence was low, but these could lead to index
corruption.
</para>
</listitem>
<listitem>
<para>
Fix possible buffer overrun in <function>tsvector_concat()</>
(Tom Lane)
</para>
<para>
The function could underestimate the amount of memory needed for its
result, leading to server crashes.
</para>
</listitem>
<listitem>
<para>
Fix crash in <function>xml_recv</> when processing a
<quote>standalone</> parameter (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <function>pg_options_to_table</> return NULL for an option with no
value (Tom Lane)
</para>
<para>
Previously such cases would result in a server crash.
</para>
</listitem>
<listitem>
<para>
Avoid possibly accessing off the end of memory in <command>ANALYZE</>
and in SJIS-2004 encoding conversion (Noah Misch)
</para>
<para>
This fixes some very-low-probability server crash scenarios.
</para>
</listitem>
<listitem>
<para>
Protect <function>pg_stat_reset_shared()</> against NULL input (Magnus
Hagander)
</para>
</listitem>
<listitem>
<para>
Fix possible failure when a recovery conflict deadlock is detected
within a sub-transaction (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Avoid spurious conflicts while recycling btree index pages during hot
standby (Noah Misch, Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Shut down WAL receiver if it's still running at end of recovery (Heikki
Linnakangas)
</para>
<para>
The postmaster formerly panicked in this situation, but it's actually a
legitimate case.
</para>
</listitem>
<listitem>
<para>
Fix race condition in relcache init file invalidation (Tom Lane)
</para>
<para>
There was a window wherein a new backend process could read a stale init
file but miss the inval messages that would tell it the data is stale.
The result would be bizarre failures in catalog accesses, typically
<quote>could not read block 0 in file ...</> later during startup.
</para>
</listitem>
<listitem>
<para>
Fix memory leak at end of a GiST index scan (Tom Lane)
</para>
<para>
Commands that perform many separate GiST index scans, such as
verification of a new GiST-based exclusion constraint on a table
already containing many rows, could transiently require large amounts of
memory due to this leak.
</para>
</listitem>
<listitem>
<para>
Fix memory leak when encoding conversion has to be done on incoming
command strings and <command>LISTEN</> is active (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix incorrect memory accounting (leading to possible memory bloat) in
tuplestores supporting holdable cursors and plpgsql's <literal>RETURN
NEXT</> command (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix trigger <literal>WHEN</> conditions when both <literal>BEFORE</> and
<literal>AFTER</> triggers exist (Tom Lane)
</para>
<para>
Evaluation of <literal>WHEN</> conditions for <literal>AFTER ROW
UPDATE</> triggers could crash if there had been a <literal>BEFORE
ROW</> trigger fired for the same update.
</para>
</listitem>
<listitem>
<para>
Fix performance problem when constructing a large, lossy bitmap
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix join selectivity estimation for unique columns (Tom Lane)
</para>
<para>
This fixes an erroneous planner heuristic that could lead to poor
estimates of the result size of a join.
</para>
</listitem>
<listitem>
<para>
Fix nested PlaceHolderVar expressions that appear only in sub-select
target lists (Tom Lane)
</para>
<para>
This mistake could result in outputs of an outer join incorrectly
appearing as NULL.
</para>
</listitem>
<listitem>
<para>
Allow the planner to assume that empty parent tables really are empty
(Tom Lane)
</para>
<para>
Normally an empty table is assumed to have a certain minimum size for
planning purposes; but this heuristic seems to do more harm than good
for the parent table of an inheritance hierarchy, which often is
permanently empty.
</para>
</listitem>
<listitem>
<para>
Allow nested <literal>EXISTS</> queries to be optimized properly (Tom
Lane)
</para>
</listitem>
<listitem>
<para>
Fix array- and path-creating functions to ensure padding bytes are
zeroes (Tom Lane)
</para>
<para>
This avoids some situations where the planner will think that
semantically-equal constants are not equal, resulting in poor
optimization.
</para>
</listitem>
<listitem>
<para>
Fix <command>EXPLAIN</> to handle gating Result nodes within
inner-indexscan subplans (Tom Lane)
</para>
<para>
The usual symptom of this oversight was <quote>bogus varno</> errors.
</para>
</listitem>
<listitem>
<para>
Fix btree preprocessing of <replaceable>indexedcol</> <literal>IS
NULL</> conditions (Dean Rasheed)
</para>
<para>
Such a condition is unsatisfiable if combined with any other type of
btree-indexable condition on the same index column. The case was
handled incorrectly in 9.0.0 and later, leading to query output where
there should be none.
</para>
</listitem>
<listitem>
<para>
Work around gcc 4.6.0 bug that breaks WAL replay (Tom Lane)
</para>
<para>
This could lead to loss of committed transactions after a server crash.
</para>
</listitem>
<listitem>
<para>
Fix dump bug for <literal>VALUES</> in a view (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Disallow <literal>SELECT FOR UPDATE/SHARE</> on sequences (Tom Lane)
</para>
<para>
This operation doesn't work as expected and can lead to failures.
</para>
</listitem>
<listitem>
<para>
Fix <command>VACUUM</> so that it always updates
<literal>pg_class</>.<literal>reltuples</>/<literal>relpages</> (Tom
Lane)
</para>
<para>
This fixes some scenarios where autovacuum could make increasingly poor
decisions about when to vacuum tables.
</para>
</listitem>
<listitem>
<para>
Defend against integer overflow when computing size of a hash table (Tom
Lane)
</para>
</listitem>
<listitem>
<para>
Fix cases where <command>CLUSTER</> might attempt to access
already-removed TOAST data (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix premature timeout failures during initial authentication transaction
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix portability bugs in use of credentials control messages for
<quote>peer</> authentication (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix SSPI login when multiple roundtrips are required (Ahmed Shinwari,
Magnus Hagander)
</para>
<para>
The typical symptom of this problem was <quote>The function requested is
not supported</> errors during SSPI login.
</para>
</listitem>
<listitem>
<para>
Fix failure when adding a new variable of a custom variable class to
<filename>postgresql.conf</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Throw an error if <filename>pg_hba.conf</> contains <literal>hostssl</>
but SSL is disabled (Tom Lane)
</para>
<para>
This was concluded to be more user-friendly than the previous behavior
of silently ignoring such lines.
</para>
</listitem>
<listitem>
<para>
Fix failure when <command>DROP OWNED BY</> attempts to remove default
privileges on sequences (Shigeru Hanada)
</para>
</listitem>
<listitem>
<para>
Fix typo in <function>pg_srand48</> seed initialization (Andres Freund)
</para>
<para>
This led to failure to use all bits of the provided seed. This function
is not used on most platforms (only those without <function>srandom</>),
and the potential security exposure from a less-random-than-expected
seed seems minimal in any case.
</para>
</listitem>
<listitem>
<para>
Avoid integer overflow when the sum of <literal>LIMIT</> and
<literal>OFFSET</> values exceeds 2^63 (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Add overflow checks to <type>int4</> and <type>int8</> versions of
<function>generate_series()</> (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Fix trailing-zero removal in <function>to_char()</> (Marti Raudsepp)
</para>
<para>
In a format with <literal>FM</> and no digit positions
after the decimal point, zeroes to the left of the decimal point could
be removed incorrectly.
</para>
</listitem>
<listitem>
<para>
Fix <function>pg_size_pretty()</> to avoid overflow for inputs close to
2^63 (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Weaken plpgsql's check for typmod matching in record values (Tom Lane)
</para>
<para>
An overly enthusiastic check could lead to discarding length modifiers
that should have been kept.
</para>
</listitem>
<listitem>
<para>
Correctly handle quotes in locale names during <application>initdb</>
(Heikki Linnakangas)
</para>
<para>
The case can arise with some Windows locales, such as <quote>People's
Republic of China</>.
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, avoid dumping orphaned temporary tables
(Bruce Momjian)
</para>
<para>
This prevents situations wherein table OID assignments could get out of
sync between old and new installations.
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_upgrade</> to preserve toast tables' relfrozenxids
during an upgrade from 8.3 (Bruce Momjian)
</para>
<para>
Failure to do this could lead to <filename>pg_clog</> files being
removed too soon after the upgrade.
</para>
</listitem>
<listitem>
<para>
In <application>pg_upgrade</>, fix the <literal>-l</> (log) option to
work on Windows (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
In <application>pg_ctl</>, support silent mode for service registrations
on Windows (MauMau)
</para>
</listitem>
<listitem>
<para>
Fix <application>psql</>'s counting of script file line numbers during
<literal>COPY</> from a different file (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</>'s direct-to-database mode for
<varname>standard_conforming_strings</> (Tom Lane)
</para>
<para>
<application>pg_restore</> could emit incorrect commands when restoring
directly to a database server from an archive file that had been made
with <varname>standard_conforming_strings</> set to <literal>on</>.
</para>
</listitem>
<listitem>
<para>
Be more user-friendly about unsupported cases for parallel
<application>pg_restore</> (Tom Lane)
</para>
<para>
This change ensures that such cases are detected and reported before
any restore actions have been taken.
</para>
</listitem>
<listitem>
<para>
Fix write-past-buffer-end and memory leak in <application>libpq</>'s
LDAP service lookup code (Albe Laurenz)
</para>
</listitem>
<listitem>
<para>
In <application>libpq</>, avoid failures when using nonblocking I/O
and an SSL connection (Martin Pihlak, Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve libpq's handling of failures during connection startup
(Tom Lane)
</para>
<para>
In particular, the response to a server report of <function>fork()</>
failure during SSL connection startup is now saner.
</para>
</listitem>
<listitem>
<para>
Improve <application>libpq</>'s error reporting for SSL failures (Tom
Lane)
</para>
</listitem>
<listitem>
<para>
Fix <function>PQsetvalue()</> to avoid possible crash when adding a new
tuple to a <structname>PGresult</> originally obtained from a server
query (Andrew Chernow)
</para>
</listitem>
<listitem>
<para>
Make <application>ecpglib</> write <type>double</> values with 15 digits
precision (Akira Kurosawa)
</para>
</listitem>
<listitem>
<para>
In <application>ecpglib</>, be sure <literal>LC_NUMERIC</> setting is
restored after an error (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Apply upstream fix for blowfish signed-character bug (CVE-2011-2483)
(Tom Lane)
</para>
<para>
<filename>contrib/pg_crypto</>'s blowfish encryption code could give
wrong results on platforms where char is signed (which is most),
leading to encrypted passwords being weaker than they should be.
</para>
</listitem>
<listitem>
<para>
Fix memory leak in <filename>contrib/seg</> (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix <function>pgstatindex()</> to give consistent results for empty
indexes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow building with perl 5.14 (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Fix assorted issues with build and install file paths containing spaces
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2011i
for DST law changes in Canada, Egypt, Russia, Samoa, and South Sudan.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-4">
<title>Release 9.0.4</title>
<note>
<title>Release Date</title>
<simpara>2011-04-18</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.3.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.4</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
<para>
However, if your installation was upgraded from a previous major
release by running <application>pg_upgrade</>, you should take
action to prevent possible data loss due to a now-fixed bug in
<application>pg_upgrade</>. The recommended solution is to run
<command>VACUUM FREEZE</> on all TOAST tables.
More information is available at <ulink
url="http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix">
http://wiki.postgresql.org/wiki/20110408pg_upgrade_fix</ulink>.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Fix <application>pg_upgrade</>'s handling of TOAST tables
(Bruce Momjian)
</para>
<para>
The <structname>pg_class</>.<structfield>relfrozenxid</> value for
TOAST tables was not correctly copied into the new installation
during <application>pg_upgrade</>. This could later result in
<literal>pg_clog</> files being discarded while they were still
needed to validate tuples in the TOAST tables, leading to
<quote>could not access status of transaction</> failures.
</para>
<para>
This error poses a significant risk of data loss for installations
that have been upgraded with <application>pg_upgrade</>. This patch
corrects the problem for future uses of <application>pg_upgrade</>,
but does not in itself cure the issue in installations that have been
processed with a buggy version of <application>pg_upgrade</>.
</para>
</listitem>
<listitem>
<para>
Suppress incorrect <quote>PD_ALL_VISIBLE flag was incorrectly set</>
warning (Heikki Linnakangas)
</para>
<para>
<command>VACUUM</> would sometimes issue this warning in cases that
are actually valid.
</para>
</listitem>
<listitem>
<para>
Use better SQLSTATE error codes for hot standby conflict cases
(Tatsuo Ishii and Simon Riggs)
</para>
<para>
All retryable conflict errors now have an error code that indicates
that a retry is possible. Also, session closure due to the database
being dropped on the master is now reported as
<literal>ERRCODE_DATABASE_DROPPED</>, rather than
<literal>ERRCODE_ADMIN_SHUTDOWN</>, so that connection poolers can
handle the situation correctly.
</para>
</listitem>
<listitem>
<para>
Prevent intermittent hang in interactions of startup process with
bgwriter process (Simon Riggs)
</para>
<para>
This affected recovery in non-hot-standby cases.
</para>
</listitem>
<listitem>
<para>
Disallow including a composite type in itself (Tom Lane)
</para>
<para>
This prevents scenarios wherein the server could recurse infinitely
while processing the composite type. While there are some possible
uses for such a structure, they don't seem compelling enough to
justify the effort required to make sure it always works safely.
</para>
</listitem>
<listitem>
<para>
Avoid potential deadlock during catalog cache initialization
(Nikhil Sontakke)
</para>
<para>
In some cases the cache loading code would acquire share lock on a
system index before locking the index's catalog. This could deadlock
against processes trying to acquire exclusive locks in the other,
more standard order.
</para>
</listitem>
<listitem>
<para>
Fix dangling-pointer problem in <literal>BEFORE ROW UPDATE</> trigger
handling when there was a concurrent update to the target tuple
(Tom Lane)
</para>
<para>
This bug has been observed to result in intermittent <quote>cannot
extract system attribute from virtual tuple</> failures while trying to
do <literal>UPDATE RETURNING ctid</>. There is a very small probability
of more serious errors, such as generating incorrect index entries for
the updated tuple.
</para>
</listitem>
<listitem>
<para>
Disallow <command>DROP TABLE</> when there are pending deferred trigger
events for the table (Tom Lane)
</para>
<para>
Formerly the <command>DROP</> would go through, leading to
<quote>could not open relation with OID nnn</> errors when the
triggers were eventually fired.
</para>
</listitem>
<listitem>
<para>
Allow <quote>replication</> as a user name in
<filename>pg_hba.conf</> (Andrew Dunstan)
</para>
<para>
<quote>replication</> is special in the database name column, but it
was mistakenly also treated as special in the user name column.
</para>
</listitem>
<listitem>
<para>
Prevent crash triggered by constant-false WHERE conditions during
GEQO optimization (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve planner's handling of semi-join and anti-join cases
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix handling of <literal>SELECT FOR UPDATE</> in a sub-SELECT
(Tom Lane)
</para>
<para>
This bug typically led to <quote>cannot extract system attribute from
virtual tuple</> errors.
</para>
</listitem>
<listitem>
<para>
Fix selectivity estimation for text search to account for NULLs
(Jesper Krogh)
</para>
</listitem>
<listitem>
<para>
Fix get_actual_variable_range() to support hypothetical indexes
injected by an index adviser plugin (Gurjeet Singh)
</para>
</listitem>
<listitem>
<para>
Fix PL/Python memory leak involving array slices (Daniel Popowich)
</para>
</listitem>
<listitem>
<para>
Allow <application>libpq</>'s SSL initialization to succeed when
user's home directory is unavailable (Tom Lane)
</para>
<para>
If the SSL mode is such that a root certificate file is not required,
there is no need to fail. This change restores the behavior to what
it was in pre-9.0 releases.
</para>
</listitem>
<listitem>
<para>
Fix <application>libpq</> to return a useful error message for errors
detected in <function>conninfo_array_parse</> (Joseph Adams)
</para>
<para>
A typo caused the library to return NULL, rather than the
<structname>PGconn</> structure containing the error message, to the
application.
</para>
</listitem>
<listitem>
<para>
Fix <application>ecpg</> preprocessor's handling of float constants
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix parallel <application>pg_restore</> to handle comments on
POST_DATA items correctly (Arnd Hannemann)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_restore</> to cope with long lines (over 1KB) in
TOC files (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Put in more safeguards against crashing due to division-by-zero
with overly enthusiastic compiler optimization (Aurelien Jarno)
</para>
</listitem>
<listitem>
<para>
Support use of dlopen() in FreeBSD and OpenBSD on MIPS (Tom Lane)
</para>
<para>
There was a hard-wired assumption that this system function was not
available on MIPS hardware on these systems. Use a compile-time test
instead, since more recent versions have it.
</para>
</listitem>
<listitem>
<para>
Fix compilation failures on HP-UX (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Avoid crash when trying to write to the Windows console very early
in process startup (Rushabh Lathia)
</para>
</listitem>
<listitem>
<para>
Support building with MinGW 64 bit compiler for Windows
(Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Fix version-incompatibility problem with <application>libintl</> on
Windows (Hiroshi Inoue)
</para>
</listitem>
<listitem>
<para>
Fix usage of <application>xcopy</> in Windows build scripts to
work correctly under Windows 7 (Andrew Dunstan)
</para>
<para>
This affects the build scripts only, not installation or usage.
</para>
</listitem>
<listitem>
<para>
Fix path separator used by <application>pg_regress</> on Cygwin
(Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2011f
for DST law changes in Chile, Cuba, Falkland Islands, Morocco, Samoa,
and Turkey; also historical corrections for South Australia, Alaska,
and Hawaii.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-3">
<title>Release 9.0.3</title>
<note>
<title>Release Date</title>
<simpara>2011-01-31</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.2.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.3</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Before exiting <application>walreceiver</>, ensure all the received WAL
is fsync'd to disk (Heikki Linnakangas)
</para>
<para>
Otherwise the standby server could replay some un-synced WAL, conceivably
leading to data corruption if the system crashes just at that point.
</para>
</listitem>
<listitem>
<para>
Avoid excess fsync activity in <application>walreceiver</>
(Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Make <command>ALTER TABLE</> revalidate uniqueness and exclusion
constraints when needed (Noah Misch)
</para>
<para>
This was broken in 9.0 by a change that was intended to suppress
revalidation during <command>VACUUM FULL</> and <command>CLUSTER</>,
but unintentionally affected <command>ALTER TABLE</> as well.
</para>
</listitem>
<listitem>
<para>
Fix EvalPlanQual for <command>UPDATE</> of an inheritance tree in which
the tables are not all alike (Tom Lane)
</para>
<para>
Any variation in the table row types (including dropped columns present
in only some child tables) would confuse the EvalPlanQual code, leading
to misbehavior or even crashes. Since EvalPlanQual is only executed
during concurrent updates to the same row, the problem was only seen
intermittently.
</para>
</listitem>
<listitem>
<para>
Avoid failures when <command>EXPLAIN</> tries to display a simple-form
<literal>CASE</> expression (Tom Lane)
</para>
<para>
If the <literal>CASE</>'s test expression was a constant, the planner
could simplify the <literal>CASE</> into a form that confused the
expression-display code, resulting in <quote>unexpected CASE WHEN
clause</> errors.
</para>
</listitem>
<listitem>
<para>
Fix assignment to an array slice that is before the existing range
of subscripts (Tom Lane)
</para>
<para>
If there was a gap between the newly added subscripts and the first
pre-existing subscript, the code miscalculated how many entries needed
to be copied from the old array's null bitmap, potentially leading to
data corruption or crash.
</para>
</listitem>
<listitem>
<para>
Avoid unexpected conversion overflow in planner for very distant date
values (Tom Lane)
</para>
<para>
The <type>date</> type supports a wider range of dates than can be
represented by the <type>timestamp</> types, but the planner assumed it
could always convert a date to timestamp with impunity.
</para>
</listitem>
<listitem>
<para>
Fix PL/Python crash when an array contains null entries (Alex Hunsaker)
</para>
</listitem>
<listitem>
<para>
Remove <application>ecpg</>'s fixed length limit for constants defining
an array dimension (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Fix erroneous parsing of <type>tsquery</> values containing
<literal>... &amp; !(subexpression) | ...</literal> (Tom Lane)
</para>
<para>
Queries containing this combination of operators were not executed
correctly. The same error existed in <filename>contrib/intarray</>'s
<type>query_int</> type and <filename>contrib/ltree</>'s
<type>ltxtquery</> type.
</para>
</listitem>
<listitem>
<para>
Fix buffer overrun in <filename>contrib/intarray</>'s input function
for the <type>query_int</> type (Apple)
</para>
<para>
This bug is a security risk since the function's return address could
be overwritten. Thanks to Apple Inc's security team for reporting this
issue and supplying the fix. (CVE-2010-4015)
</para>
</listitem>
<listitem>
<para>
Fix bug in <filename>contrib/seg</>'s GiST picksplit algorithm
(Alexander Korotkov)
</para>
<para>
This could result in considerable inefficiency, though not actually
incorrect answers, in a GiST index on a <type>seg</> column.
If you have such an index, consider <command>REINDEX</>ing it after
installing this update. (This is identical to the bug that was fixed in
<filename>contrib/cube</> in the previous update.)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-2">
<title>Release 9.0.2</title>
<note>
<title>Release Date</title>
<simpara>2010-12-16</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.1.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.2</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Force the default
<link linkend="guc-wal-sync-method"><varname>wal_sync_method</></link>
to be <literal>fdatasync</> on Linux (Tom Lane, Marti Raudsepp)
</para>
<para>
The default on Linux has actually been <literal>fdatasync</> for many
years, but recent kernel changes caused <productname>PostgreSQL</> to
choose <literal>open_datasync</> instead. This choice did not result
in any performance improvement, and caused outright failures on
certain filesystems, notably <literal>ext4</> with the
<literal>data=journal</> mount option.
</para>
</listitem>
<listitem>
<para>
Fix <quote>too many KnownAssignedXids</> error during Hot Standby
replay (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix race condition in lock acquisition during Hot Standby (Simon Riggs)
</para>
</listitem>
<listitem>
<para>
Avoid unnecessary conflicts during Hot Standby (Simon Riggs)
</para>
<para>
This fixes some cases where replay was considered to conflict with
standby queries (causing delay of replay or possibly cancellation of
the queries), but there was no real conflict.
</para>
</listitem>
<listitem>
<para>
Fix assorted bugs in WAL replay logic for GIN indexes (Tom Lane)
</para>
<para>
This could result in <quote>bad buffer id: 0</> failures or
corruption of index contents during replication.
</para>
</listitem>
<listitem>
<para>
Fix recovery from base backup when the starting checkpoint WAL record
is not in the same WAL segment as its redo point (Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Fix corner-case bug when streaming replication is enabled immediately
after creating the master database cluster (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Fix persistent slowdown of autovacuum workers when multiple workers
remain active for a long time (Tom Lane)
</para>
<para>
The effective <varname>vacuum_cost_limit</> for an autovacuum worker
could drop to nearly zero if it processed enough tables, causing it
to run extremely slowly.
</para>
</listitem>
<listitem>
<para>
Fix long-term memory leak in autovacuum launcher (Alvaro Herrera)
</para>
</listitem>
<listitem>
<para>
Avoid failure when trying to report an impending transaction
wraparound condition from outside a transaction (Tom Lane)
</para>
<para>
This oversight prevented recovery after transaction wraparound got
too close, because database startup processing would fail.
</para>
</listitem>
<listitem>
<para>
Add support for detecting register-stack overrun on <literal>IA64</>
(Tom Lane)
</para>
<para>
The <literal>IA64</> architecture has two hardware stacks. Full
prevention of stack-overrun failures requires checking both.
</para>
</listitem>
<listitem>
<para>
Add a check for stack overflow in <function>copyObject()</> (Tom Lane)
</para>
<para>
Certain code paths could crash due to stack overflow given a
sufficiently complex query.
</para>
</listitem>
<listitem>
<para>
Fix detection of page splits in temporary GiST indexes (Heikki
Linnakangas)
</para>
<para>
It is possible to have a <quote>concurrent</> page split in a
temporary index, if for example there is an open cursor scanning the
index when an insertion is done. GiST failed to detect this case and
hence could deliver wrong results when execution of the cursor
continued.
</para>
</listitem>
<listitem>
<para>
Fix error checking during early connection processing (Tom Lane)
</para>
<para>
The check for too many child processes was skipped in some cases,
possibly leading to postmaster crash when attempting to add the new
child process to fixed-size arrays.
</para>
</listitem>
<listitem>
<para>
Improve efficiency of window functions (Tom Lane)
</para>
<para>
Certain cases where a large number of tuples needed to be read in
advance, but <varname>work_mem</> was large enough to allow them all
to be held in memory, were unexpectedly slow.
<function>percent_rank()</>, <function>cume_dist()</> and
<function>ntile()</> in particular were subject to this problem.
</para>
</listitem>
<listitem>
<para>
Avoid memory leakage while <command>ANALYZE</>'ing complex index
expressions (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Ensure an index that uses a whole-row Var still depends on its table
(Tom Lane)
</para>
<para>
An index declared like <literal>create index i on t (foo(t.*))</>
would not automatically get dropped when its table was dropped.
</para>
</listitem>
<listitem>
<para>
Add missing support in <command>DROP OWNED BY</> for removing foreign
data wrapper/server privileges belonging to a user (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
Do not <quote>inline</> a SQL function with multiple <literal>OUT</>
parameters (Tom Lane)
</para>
<para>
This avoids a possible crash due to loss of information about the
expected result rowtype.
</para>
</listitem>
<listitem>
<para>
Fix crash when inline-ing a set-returning function whose argument list
contains a reference to an inline-able user function (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Behave correctly if <literal>ORDER BY</>, <literal>LIMIT</>,
<literal>FOR UPDATE</>, or <literal>WITH</> is attached to the
<literal>VALUES</> part of <literal>INSERT ... VALUES</> (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make the <literal>OFF</> keyword unreserved (Heikki Linnakangas)
</para>
<para>
This prevents problems with using <literal>off</> as a variable name in
<application>PL/pgSQL</>. That worked before 9.0, but was now broken
because <application>PL/pgSQL</> now treats all core reserved words
as reserved.
</para>
</listitem>
<listitem>
<para>
Fix constant-folding of <literal>COALESCE()</> expressions (Tom Lane)
</para>
<para>
The planner would sometimes attempt to evaluate sub-expressions that
in fact could never be reached, possibly leading to unexpected errors.
</para>
</listitem>
<listitem>
<para>
Fix <quote>could not find pathkey item to sort</> planner failure
with comparison of whole-row Vars (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix postmaster crash when connection acceptance
(<function>accept()</> or one of the calls made immediately after it)
fails, and the postmaster was compiled with GSSAPI support (Alexander
Chernikov)
</para>
</listitem>
<listitem>
<para>
Retry after receiving an invalid response packet from a RADIUS
authentication server (Magnus Hagander)
</para>
<para>
This fixes a low-risk potential denial of service condition.
</para>
</listitem>
<listitem>
<para>
Fix missed unlink of temporary files when <varname>log_temp_files</>
is active (Tom Lane)
</para>
<para>
If an error occurred while attempting to emit the log message, the
unlink was not done, resulting in accumulation of temp files.
</para>
</listitem>
<listitem>
<para>
Add print functionality for <structname>InhRelation</> nodes (Tom Lane)
</para>
<para>
This avoids a failure when <varname>debug_print_parse</> is enabled
and certain types of query are executed.
</para>
</listitem>
<listitem>
<para>
Fix incorrect calculation of distance from a point to a horizontal
line segment (Tom Lane)
</para>
<para>
This bug affected several different geometric distance-measurement
operators.
</para>
</listitem>
<listitem>
<para>
Fix incorrect calculation of transaction status in
<application>ecpg</> (Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Fix errors in <application>psql</>'s Unicode-escape support (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Speed up parallel <application>pg_restore</> when the archive
contains many large objects (blobs) (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/pgSQL</>'s handling of <quote>simple</>
expressions to not fail in recursion or error-recovery cases (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/pgSQL</>'s error reporting for no-such-column
cases (Tom Lane)
</para>
<para>
As of 9.0, it would sometimes report <quote>missing FROM-clause entry
for table foo</> when <quote>record foo has no field bar</> would be
more appropriate.
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/Python</> to honor typmod (i.e., length or
precision restrictions) when assigning to tuple fields (Tom Lane)
</para>
<para>
This fixes a regression from 8.4.
</para>
</listitem>
<listitem>
<para>
Fix <application>PL/Python</>'s handling of set-returning functions
(Jan Urbanski)
</para>
<para>
Attempts to call SPI functions within the iterator generating a set
result would fail.
</para>
</listitem>
<listitem>
<para>
Fix bug in <filename>contrib/cube</>'s GiST picksplit algorithm
(Alexander Korotkov)
</para>
<para>
This could result in considerable inefficiency, though not actually
incorrect answers, in a GiST index on a <type>cube</> column.
If you have such an index, consider <command>REINDEX</>ing it after
installing this update.
</para>
</listitem>
<listitem>
<para>
Don't emit <quote>identifier will be truncated</> notices in
<filename>contrib/dblink</> except when creating new connections
(Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Fix potential coredump on missing public key in
<filename>contrib/pgcrypto</> (Marti Raudsepp)
</para>
</listitem>
<listitem>
<para>
Fix buffer overrun in <filename>contrib/pg_upgrade</> (Hernan Gonzalez)
</para>
</listitem>
<listitem>
<para>
Fix memory leak in <filename>contrib/xml2</>'s XPath query functions
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Update time zone data files to <application>tzdata</> release 2010o
for DST law changes in Fiji and Samoa;
also historical corrections for Hong Kong.
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0-1">
<title>Release 9.0.1</title>
<note>
<title>Release Date</title>
<simpara>2010-10-04</simpara>
</note>
<para>
This release contains a variety of fixes from 9.0.0.
For information about new features in the 9.0 major release, see
<xref linkend="release-9-0">.
</para>
<sect2>
<title>Migration to Version 9.0.1</title>
<para>
A dump/restore is not required for those running 9.0.X.
</para>
</sect2>
<sect2>
<title>Changes</title>
<itemizedlist>
<listitem>
<para>
Use a separate interpreter for each calling SQL userid in PL/Perl and
PL/Tcl (Tom Lane)
</para>
<para>
This change prevents security problems that can be caused by subverting
Perl or Tcl code that will be executed later in the same session under
another SQL user identity (for example, within a <literal>SECURITY
DEFINER</> function). Most scripting languages offer numerous ways that
that might be done, such as redefining standard functions or operators
called by the target function. Without this change, any SQL user with
Perl or Tcl language usage rights can do essentially anything with the
SQL privileges of the target function's owner.
</para>
<para>
The cost of this change is that intentional communication among Perl
and Tcl functions becomes more difficult. To provide an escape hatch,
PL/PerlU and PL/TclU functions continue to use only one interpreter
per session. This is not considered a security issue since all such
functions execute at the trust level of a database superuser already.
</para>
<para>
It is likely that third-party procedural languages that claim to offer
trusted execution have similar security issues. We advise contacting
the authors of any PL you are depending on for security-critical
purposes.
</para>
<para>
Our thanks to Tim Bunce for pointing out this issue (CVE-2010-3433).
</para>
</listitem>
<listitem>
<para>
Improve <function>pg_get_expr()</> security fix so that the function
can still be used on the output of a sub-select (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix incorrect placement of placeholder evaluation (Tom Lane)
</para>
<para>
This bug could result in query outputs being non-null when they
should be null, in cases where the inner side of an outer join
is a sub-select with non-strict expressions in its output list.
</para>
</listitem>
<listitem>
<para>
Fix join removal's handling of placeholder expressions (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Fix possible duplicate scans of <literal>UNION ALL</> member relations
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Prevent infinite loop in ProcessIncomingNotify() after unlistening
(Jeff Davis)
</para>
</listitem>
<listitem>
<para>
Prevent show_session_authorization() from crashing within autovacuum
processes (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Re-allow input of Julian dates prior to 0001-01-01 AD (Tom Lane)
</para>
<para>
Input such as <literal>'J100000'::date</> worked before 8.4,
but was unintentionally broken by added error-checking.
</para>
</listitem>
<listitem>
<para>
Make psql recognize <command>DISCARD ALL</> as a command that should
not be encased in a transaction block in autocommit-off mode
(Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Update build infrastructure and documentation to reflect the source code
repository's move from CVS to Git (Magnus Hagander and others)
</para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
<sect1 id="release-9-0">
<title>Release 9.0</title>
<note>
<title>Release Date</title>
<simpara>2010-09-20</simpara>
</note>
<sect2>
<title>Overview</title>
<para>
This release of
<productname>PostgreSQL</> adds features that have been requested
for years, such as easy-to-use replication, a mass permission-changing
facility, and anonymous code blocks. While past major releases have
been conservative in their scope, this release shows a
bold new desire to provide facilities that new and existing
users of <productname>PostgreSQL</> will embrace. This has all
been done with few incompatibilities. Major enhancements include:
</para>
<itemizedlist>
<!-- This list duplicates items below, but without authors or details-->
<listitem>
<para>
Built-in replication based on log shipping. This advance consists of
two features: Streaming Replication, allowing continuous archive
(<acronym>WAL</>) files to be streamed over a network connection to a
standby server, and Hot Standby, allowing continuous archive standby
servers to execute read-only queries. The net effect is to support a
single master with multiple read-only slave servers.
</para>
</listitem>
<listitem>
<para>
Easier database object permissions management. <link
linkend="SQL-GRANT"><command>GRANT</>/<command>REVOKE IN
SCHEMA</></link> supports mass permissions changes on existing objects,
while <link linkend="SQL-ALTERDEFAULTPRIVILEGES"><command>ALTER DEFAULT
PRIVILEGES</></link> allows control of privileges for objects created in
the future. Large objects (BLOBs) now support permissions management as
well.
</para>
</listitem>
<listitem>
<para>
Broadly enhanced stored procedure support.
The <link linkend="SQL-DO"><command>DO</></link> statement supports
ad-hoc or <quote>anonymous</> code blocks.
Functions can now be called using named parameters.
<link linkend="plpgsql">PL/pgSQL</link> is now installed by default, and
<link linkend="plperl">PL/Perl</link> and <link
linkend="plpython">PL/Python</link> have been enhanced in several ways,
including support for Python3.
</para>
</listitem>
<listitem>
<para>
Full support for <link linkend="install-windows">64-bit
<productname>Windows</></link>.
</para>
</listitem>
<listitem>
<para>
More advanced reporting queries, including additional windowing options
(<literal>PRECEDING</> and <literal>FOLLOWING</>) and the ability to
control the order in which values are fed to aggregate functions.
</para>
</listitem>
<listitem>
<para>
New trigger features, including
SQL-standard-compliant <link
linkend="SQL-CREATETRIGGER">per-column triggers</link> and
conditional trigger execution.
</para>
</listitem>
<listitem>
<para>
<link linkend="SQL-CREATETABLE-compatibility">Deferrable
unique constraints</link>. Mass updates to unique keys are now possible
without trickery.
</para>
</listitem>
<listitem>
<para>
<link linkend="ddl-constraints-exclusion">Exclusion constraints</link>.
These provide a generalized version of unique constraints, allowing
enforcement of complex conditions.
</para>
</listitem>
<listitem>
<para>
New and enhanced security features, including RADIUS authentication,
LDAP authentication improvements, and a new contrib module
<link linkend="passwordcheck"><filename>passwordcheck</></link>
for testing password strength.
</para>
</listitem>
<listitem>
<para>
New high-performance implementation of the
<link linkend="SQL-LISTEN"><command>LISTEN</></link>/<link
linkend="SQL-NOTIFY"><command>NOTIFY</></link> feature.
Pending events are now stored in a memory-based queue rather than
a table. Also, a <quote>payload</> string can be sent with each
event, rather than transmitting just an event name as before.
</para>
</listitem>
<listitem>
<para>
New implementation of
<link linkend="SQL-VACUUM"><command>VACUUM FULL</></link>.
This command now rewrites the entire table and indexes, rather than
moving individual rows to compact space. It is substantially faster
in most cases, and no longer results in index bloat.
</para>
</listitem>
<listitem>
<para>
New contrib module
<link linkend="pgupgrade"><filename>pg_upgrade</></link>
to support in-place upgrades from 8.3 or 8.4 to 9.0.
</para>
</listitem>
<listitem>
<para>
Multiple performance enhancements for specific types of queries,
including elimination of unnecessary joins. This helps optimize some
automatically-generated queries, such as those produced by
object-relational mappers (ORMs).
</para>
</listitem>
<listitem>
<para>
<link linkend="SQL-EXPLAIN "><command>EXPLAIN</></link> enhancements.
The output is now available in JSON, XML, or YAML format, and includes
buffer utilization and other data not previously available.
</para>
</listitem>
<listitem>
<para>
<link linkend="hstore"><filename>hstore</></link> improvements,
including new functions and greater data capacity.
</para>
</listitem>
</itemizedlist>
<para>
The above items are explained in more detail in the sections below.
</para>
</sect2>
<sect2>
<title>Migration to Version 9.0</title>
<para>
A dump/restore using <application>pg_dump</application>,
or use of <application>pg_upgrade</application>, is required
for those wishing to migrate data from any previous
release.
</para>
<para>
Version 9.0 contains a number of changes that selectively break backwards
compatibility in order to support new features and code quality
improvements. In particular, users who make extensive use of PL/pgSQL,
Point-In-Time Recovery (PITR), or Warm Standby should test their
applications because of slight user-visible changes in those areas.
Observe the following incompatibilities:
</para>
<sect3>
<title>Server Settings</title>
<itemizedlist>
<listitem>
<para>
Remove server parameter <varname>add_missing_from</>, which was
defaulted to off for many years (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Remove server parameter <varname>regex_flavor</>, which
was defaulted to <link
linkend="posix-syntax-details"><literal>advanced</></link>
for many years (Tom Lane)
</para>
</listitem>
<listitem>
<para>
<link linkend="guc-archive-mode"><varname>archive_mode</></link>
now only affects <link
linkend="guc-archive-command"><varname>archive_command</></link>;
a new setting, <link
linkend="guc-wal-level"><varname>wal_level</></link>, affects
the contents of the write-ahead log (Heikki Linnakangas)
</para>
</listitem>
<listitem>
<para>
<link linkend="guc-log-temp-files"><varname>log_temp_files</></link>
now uses default file size units of kilobytes (Robert Haas)
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Queries</title>
<itemizedlist>
<listitem>
<para>
When querying a <link linkend="ddl-inherit">parent table</link>,
do not do any separate permission checks on child tables
scanned as part of the query (Peter Eisentraut)
</para>
<para>
The SQL standard specifies this behavior, and it is also much more
convenient in practice than the former behavior of checking permissions
on each child as well as the parent.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Data Types</title>
<itemizedlist>
<listitem>
<para>
<link linkend="datatype-binary"><type>bytea</></link> output now
appears in hex format by default (Peter Eisentraut)
</para>
<para>
The server parameter <link
linkend="guc-bytea-output"><varname>bytea_output</></link> can be
used to select the traditional output format if needed for
compatibility.
</para>
</listitem>
<listitem>
<para>
Array input now considers only plain ASCII whitespace characters
to be potentially ignorable; it will never ignore non-ASCII characters,
even if they are whitespace according to some locales (Tom Lane)
</para>
<para>
This avoids some corner cases where array values could be interpreted
differently depending on the server's locale settings.
</para>
</listitem>
<listitem>
<para>
Improve standards compliance of <link
linkend="functions-similarto-regexp"><literal>SIMILAR TO</></link>
patterns and SQL-style <function>substring()</> patterns (Tom Lane)
</para>
<para>
This includes treating <literal>?</> and <literal>{...}</> as
pattern metacharacters, while they were simple literal characters
before; that corresponds to new features added in SQL:2008.
Also, <literal>^</> and <literal>$</> are now treated as simple
literal characters; formerly they were treated as metacharacters,
as if the pattern were following POSIX rather than SQL rules.
Also, in SQL-standard <function>substring()</>, use of parentheses
for nesting no longer interferes with capturing of a substring.
Also, processing of bracket expressions (character classes) is
now more standards-compliant.
</para>
</listitem>
<listitem>
<para>
Reject negative length values in 3-parameter <link
linkend="functions-string-sql"><function>substring()</></link>
for bit strings, per the SQL standard (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Make <function>date_trunc</> truncate rather than round when reducing
precision of fractional seconds (Tom Lane)
</para>
<para>
The code always acted this way for integer-based dates/times.
Now float-based dates/times behave similarly.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Object Renaming</title>
<itemizedlist>
<listitem>
<para>
Tighten enforcement of column name consistency during <command>RENAME</>
when a child table inherits the same column from multiple unrelated
parents (KaiGai Kohei)
</para>
</listitem>
<listitem>
<para>
No longer automatically rename indexes and index columns when the
underlying table columns are renamed (Tom Lane)
</para>
<para>
Administrators can still rename such indexes and columns manually.
This change will require an update of the JDBC driver, and possibly other
drivers, so that unique indexes are correctly recognized after a rename.
</para>
</listitem>
<listitem>
<para>
<command>CREATE OR REPLACE FUNCTION</command> can no longer change
the declared names of function parameters (Pavel Stehule)
</para>
<para>
In order to avoid creating ambiguity in named-parameter calls, it is
no longer allowed to change the aliases for input parameters
in the declaration of an existing function (although names can still
be assigned to previously unnamed parameters). You now have to
<command>DROP</command> and recreate the function to do that.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>PL/pgSQL</title>
<itemizedlist>
<listitem>
<para>
PL/pgSQL now throws an error if a variable name conflicts with a
column name used in a query (Tom Lane)
</para>
<para>
The former behavior was to bind ambiguous names to PL/pgSQL variables
in preference to query columns, which often resulted in surprising
misbehavior. Throwing an error allows easy detection of ambiguous
situations. Although it's recommended that functions encountering this
type of error be modified to remove the conflict, the old behavior can
be restored if necessary via the configuration parameter <link
linkend="plpgsql-var-subst"><varname>plpgsql.variable_conflict</></link>,
or via the per-function option <literal>#variable_conflict</>.
</para>
</listitem>
<listitem>
<para>
PL/pgSQL no longer allows variable names that match certain SQL
reserved words (Tom Lane)
</para>
<para>
This is a consequence of aligning the PL/pgSQL parser to match the
core SQL parser more closely. If necessary,
variable names can be double-quoted to avoid this restriction.
</para>
</listitem>
<listitem>
<para>
PL/pgSQL now requires columns of composite results to match the
expected type modifier as well as base type (Pavel Stehule, Tom Lane)
</para>
<para>
For example, if a column of the result type is declared as
<literal>NUMERIC(30,2)</>, it is no longer acceptable to return a
<literal>NUMERIC</> of some other precision in that column. Previous
versions neglected to check the type modifier and would thus allow
result rows that didn't actually conform to the declared restrictions.
</para>
</listitem>
<listitem>
<para>
PL/pgSQL now treats selection into composite fields more consistently
(Tom Lane)
</para>
<para>
Formerly, a statement like
<literal>SELECT ... INTO <replaceable>rec</>.<replaceable>fld</> FROM ...</literal>
was treated as a scalar assignment even if the record field
<replaceable>fld</> was of composite type. Now it is treated as a
record assignment, the same as when the <literal>INTO</> target is a
regular variable of composite type. So the values to be assigned to the
field's subfields should be written as separate columns of the
<command>SELECT</> list, not as a <literal>ROW(...)</> construct as in
previous versions.
</para>
<para>
If you need to do this in a way that will work in both 9.0 and previous
releases, you can write something like
<literal><replaceable>rec</>.<replaceable>fld</> := ROW(...) FROM ...</literal>.
</para>
</listitem>
<listitem>
<para>
Remove PL/pgSQL's <literal>RENAME</> declaration (Tom Lane)
</para>
<para>
Instead of <literal>RENAME</>, use <link
linkend="plpgsql-declaration-alias"><literal>ALIAS</></link>,
which can now create an alias for any variable, not only dollar sign
parameter names (such as <literal>$1</>) as before.
</para>
</listitem>
</itemizedlist>
</sect3>
<sect3>
<title>Other Incompatibilities</title>
<itemizedlist>
<listitem>
<para>
Deprecate use of <literal>=&gt;</> as an operator name (Robert Haas)
</para>
<para>
Future versions of <productname>PostgreSQL</> will probably reject
this operator name entirely, in order to support the SQL-standard
notation for named function parameters. For the moment, it is
still allowed, but a warning is emitted when such an operator is
defined.
</para>
</listitem>
<listitem>
<para>
Remove support for platforms that don't have a working 64-bit
integer data type (Tom Lane)
</para>
<para>
It is believed all still-supported platforms have working 64-bit
integer data types.
</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
<sect2>
<title>Changes</title>
<para>
Version 9.0 has an unprecedented number of new major features,
and over 200 enhancements, improvements, new commands,
new functions, and other changes.
</para>
<sect3>
<title>Server</title>
<sect4>
<title>Continuous Archiving and Streaming Replication</title>
<para>
PostgreSQL's existing standby-server capability has been expanded both to
support read-only queries on standby servers and to greatly reduce
the lag between master and standby servers. For many users, this
will be a useful and low-administration form of replication, either
for high availability or for horizontal scalability.
</para>
<itemizedlist>
<listitem>
<para>
Allow a standby server to accept read-only queries
(Simon Riggs, Heikki Linnakangas)
</para>
<para>
This feature is called Hot Standby. There are new
<filename>postgresql.conf</> and <filename>recovery.conf</>
settings to control this feature, as well as extensive
<link linkend="hot-standby">documentation</link>.
</para>
</listitem>
<listitem>
<para>
Allow write-ahead log (<acronym>WAL</>) data to be streamed to a
standby server (Fujii Masao, Heikki Linnakangas)
</para>
<para>
This feature is called Streaming Replication.
Previously <acronym>WAL</> data could be sent to standby servers only
in units of entire <acronym>WAL</> files (normally 16 megabytes each).
Streaming Replication eliminates this inefficiency and allows updates
on the master to be propagated to standby servers with very little
delay. There are new <filename>postgresql.conf</> and
<filename>recovery.conf</> settings to control this feature, as well as
extensive <link linkend="streaming-replication">documentation</link>.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="functions-recovery-info-table"><function>pg_last_xlog_receive_location()</></link>
and <function>pg_last_xlog_replay_location()</>, which
can be used to monitor standby server <acronym>WAL</>
activity (Simon Riggs, Fujii Masao, Heikki Linnakangas)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Performance</title>
<itemizedlist>
<listitem>
<para>
Allow per-tablespace values to be set for sequential and random page
cost estimates (<varname>seq_page_cost</>/<varname>random_page_cost</>)
via <link linkend="SQL-ALTERTABLESPACE"><command>ALTER TABLESPACE
... SET/RESET</></link> (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Improve performance and reliability of EvalPlanQual rechecks in join
queries (Tom Lane)
</para>
<para>
<command>UPDATE</>, <command>DELETE</>, and <command>SELECT FOR
UPDATE/SHARE</> queries that involve joins will now behave much better
when encountering freshly-updated rows.
</para>
</listitem>
<listitem>
<para>
Improve performance of <link
linkend="SQL-TRUNCATE"><command>TRUNCATE</></link> when
the table was created or truncated earlier in the same transaction
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve performance of finding inheritance child tables (Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Optimizer</title>
<itemizedlist>
<listitem>
<para>
Remove unnecessary <link linkend="queries-join">outer
joins</link> (Robert Haas)
</para>
<para>
Outer joins where the inner side is unique and not referenced above
the join are unnecessary and are therefore now removed. This will
accelerate many automatically generated queries, such as those created
by object-relational mappers (ORMs).
</para>
</listitem>
<listitem>
<para>
Allow <literal>IS NOT NULL</> restrictions to use indexes (Tom Lane)
</para>
<para>
This is particularly useful for finding
<function>MAX()</>/<function>MIN()</> values in indexes that
contain many null values.
</para>
</listitem>
<listitem>
<para>
Improve the optimizer's choices about when to use materialize nodes,
and when to use sorting versus hashing for <literal>DISTINCT</>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve the optimizer's equivalence detection for expressions involving
<type>boolean</> <literal>&lt;&gt;</> operators (Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="geqo">GEQO</link></title>
<itemizedlist>
<listitem>
<para>
Use the same random seed every time GEQO plans a query (Andres
Freund)
</para>
<para>
While the Genetic Query Optimizer (GEQO) still selects
random plans, it now always selects the same random plans for identical
queries, thus giving more consistent performance. You can modify <link
linkend="guc-geqo-seed"><varname>geqo_seed</></link> to experiment with
alternative plans.
</para>
</listitem>
<listitem>
<para>
Improve GEQO plan selection (Tom Lane)
</para>
<para>
This avoids the rare error <quote>failed to make a valid plan</>,
and should also improve planning speed.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Optimizer Statistics</title>
<itemizedlist>
<listitem>
<para>
Improve <link linkend="SQL-ANALYZE"><command>ANALYZE</></link>
to support inheritance-tree statistics (Tom Lane)
</para>
<para>
This is particularly useful for partitioned tables. However,
autovacuum does not yet automatically re-analyze parent tables
when child tables change.
</para>
</listitem>
<listitem>
<para>
Improve <link linkend="routine-vacuuming">autovacuum</link>'s
detection of when re-analyze is necessary (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve optimizer's estimation for greater/less-than comparisons
(Tom Lane)
</para>
<para>
When looking up statistics for greater/less-than comparisons,
if the comparison value is in the first or last histogram bucket,
use an index (if available) to fetch the current actual column
minimum or maximum. This greatly improves the accuracy of estimates
for comparison values near the ends of the data range, particularly
if the range is constantly changing due to addition of new data.
</para>
</listitem>
<listitem>
<para>
Allow setting of number-of-distinct-values statistics using <link
linkend="SQL-ALTERTABLE"><command>ALTER TABLE</></link>
(Robert Haas)
</para>
<para>
This allows users to override the estimated number or percentage of
distinct values for a column. This statistic is normally computed by
<command>ANALYZE</>, but the estimate can be poor, especially on tables
with very large numbers of rows.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Authentication</title>
<itemizedlist>
<listitem>
<para>
Add support for <link
linkend="auth-radius"><acronym>RADIUS</></link> (Remote
Authentication Dial In User Service) authentication
(Magnus Hagander)
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="auth-ldap"><acronym>LDAP</></link>
(Lightweight Directory Access Protocol) authentication
to operate in <quote>search/bind</> mode
(Robert Fleming, Magnus Hagander)
</para>
<para>
This allows the user to be looked up first, then the system uses
the <acronym>DN</> (Distinguished Name) returned for that user.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="auth-pg-hba-conf"><literal>samehost</></link>
and <literal>samenet</> designations to
<filename>pg_hba.conf</> (Stef Walter)
</para>
<para>
These match the server's <acronym>IP</> address and subnet address
respectively.
</para>
</listitem>
<listitem>
<para>
Pass trusted SSL root certificate names to the client so the client
can return an appropriate client certificate (Craig Ringer)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Monitoring</title>
<itemizedlist>
<listitem>
<para>
Add the ability for clients to set an <link
linkend="libpq-connect-application-name">application
name</link>, which is displayed in
<structname>pg_stat_activity</> (Dave Page)
</para>
<para>
This allows administrators to characterize database traffic
and troubleshoot problems by source application.
</para>
</listitem>
<listitem>
<para>
Add a SQLSTATE option (<literal>%e</>) to <link
linkend="guc-log-line-prefix"><varname>log_line_prefix</></link>
(Guillaume Smet)
</para>
<para>
This allows users to compile statistics on errors and messages
by error code number.
</para>
</listitem>
<listitem>
<para>
Write to the Windows event log in <acronym>UTF16</> encoding
(Itagaki Takahiro)
</para>
<para>
Now there is true multilingual support for PostgreSQL log messages
on Windows.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Statistics Counters</title>
<itemizedlist>
<listitem>
<para>
Add <link
linkend="monitoring-stats-funcs-table"><function>pg_stat_reset_shared('bgwriter')</></link>
to reset the cluster-wide shared statistics for the
background writer (Greg Smith)
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="monitoring-stats-funcs-table"><function>pg_stat_reset_single_table_counters()</></link>
and <function>pg_stat_reset_single_function_counters()</>
to allow resetting the statistics counters for individual
tables and functions (Magnus Hagander)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Server Settings</title>
<itemizedlist>
<listitem>
<para>
Allow setting of configuration parameters based on <link
linkend="sql-alterrole">database/role combinations</link>
(Alvaro Herrera)
</para>
<para>
Previously only per-database and per-role settings were possible,
not combinations. All role and database settings are now stored
in the new <structname>pg_db_role_setting</> system catalog. A new
<application>psql</> command <literal>\drds</> shows these settings.
The legacy system views <structname>pg_roles</>,
<structname>pg_shadow</>, and <structname>pg_user</>
do not show combination settings, and therefore no longer
completely represent the configuration for a user or database.
</para>
</listitem>
<listitem>
<para>
Add server parameter <link
linkend="guc-bonjour"><varname>bonjour</></link>, which
controls whether a Bonjour-enabled server advertises
itself via <productname>Bonjour</> (Tom Lane)
</para>
<para>
The default is off, meaning it does not advertise. This allows
packagers to distribute Bonjour-enabled builds without worrying
that individual users might not want the feature.
</para>
</listitem>
<listitem>
<para>
Add server parameter <link
linkend="guc-enable-material"><varname>enable_material</></link>, which
controls the use of materialize nodes in the optimizer
(Robert Haas)
</para>
<para>
The default is on. When off, the optimizer will not add
materialize nodes purely for performance reasons, though they
will still be used when necessary for correctness.
</para>
</listitem>
<listitem>
<para>
Change server parameter <link
linkend="guc-log-temp-files"><varname>log_temp_files</></link> to
use default file size units of kilobytes (Robert Haas)
</para>
<para>
Previously this setting was interpreted in bytes if no units were
specified.
</para>
</listitem>
<listitem>
<para>
Log changes of parameter values when <filename>postgresql.conf</> is
reloaded (Peter Eisentraut)
</para>
<para>
This lets administrators and security staff audit changes of database
settings, and is also very convenient for checking the effects of
<filename>postgresql.conf</> edits.
</para>
</listitem>
<listitem>
<para>
Properly enforce superuser permissions for custom server parameters
(Tom Lane)
</para>
<para>
Non-superusers can no longer issue <command>ALTER
ROLE</>/<command>DATABASE SET</> for parameters that are not currently
known to the server. This allows the server to correctly check that
superuser-only parameters are only set by superusers. Previously,
the <literal>SET</> would be allowed and then ignored at session start,
making superuser-only custom parameters much less useful than they
should be.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Queries</title>
<itemizedlist>
<listitem>
<para>
Perform <link linkend="SQL-FOR-UPDATE-SHARE"><command>SELECT
FOR UPDATE</>/<literal>SHARE</></link> processing after
applying <literal>LIMIT</>, so the number of rows returned
is always predictable (Tom Lane)
</para>
<para>
Previously, changes made by concurrent transactions could cause a
<command>SELECT FOR UPDATE</> to unexpectedly return fewer rows than
specified by its <literal>LIMIT</>. <literal>FOR UPDATE</> in combination
with <literal>ORDER BY</> can still produce surprising results, but that
can be corrected by placing <literal>FOR UPDATE</> in a subquery.
</para>
</listitem>
<listitem>
<para>
Allow mixing of traditional and SQL-standard <link
linkend="SQL-LIMIT"><literal>LIMIT</>/<literal>OFFSET</></link>
syntax (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Extend the supported frame options in <link
linkend="SQL-WINDOW">window functions</link> (Hitoshi
Harada)
</para>
<para>
Frames can now start with <literal>CURRENT ROW</>, and the <literal>ROWS
<replaceable>n</> PRECEDING</>/<literal>FOLLOWING</> options are now
supported.
</para>
</listitem>
<listitem>
<para>
Make <command>SELECT INTO</> and <command>CREATE TABLE AS</> return
row counts to the client in their command tags
(Boszormenyi Zoltan)
</para>
<para>
This can save an entire round-trip to the client, allowing result counts
and pagination to be calculated without an additional
<command>COUNT</command> query.
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Unicode Strings</title>
<itemizedlist>
<listitem>
<para>
Support Unicode surrogate pairs (dual 16-bit representation) in
<link
linkend="sql-syntax-strings-uescape"><literal>U&amp;</></link>
strings and identifiers (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Support Unicode escapes in <link
linkend="sql-syntax-strings-escape"><literal>E'...'</></link>
strings (Marko Kreen)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Object Manipulation</title>
<itemizedlist>
<listitem>
<para>
Speed up <link linkend="SQL-CREATEDATABASE"><command>CREATE
DATABASE</></link> by deferring flushes to disk (Andres
Freund, Greg Stark)
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="SQL-COMMENT">comments</link> on
columns of tables, views, and composite types only, not other
relation types such as indexes and <acronym>TOAST</> tables (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow the creation of <link
linkend="SQL-CREATETYPE-enum">enumerated types</link> containing
no values (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Let values of columns having storage type <literal>MAIN</> remain on
the main heap page unless the row cannot fit on a page (Kevin Grittner)
</para>
<para>
Previously <literal>MAIN</> values were forced out to <acronym>TOAST</>
tables until the row size was less than one-quarter of the page size.
</para>
</listitem>
</itemizedlist>
<sect4>
<title><command>ALTER TABLE</></title>
<itemizedlist>
<listitem>
<para>
Implement <literal>IF EXISTS</> for <literal>ALTER TABLE DROP COLUMN</>
and <literal>ALTER TABLE DROP CONSTRAINT </> (Andres Freund)
</para>
</listitem>
<listitem>
<para>
Allow <command>ALTER TABLE</> commands that rewrite tables to skip
<acronym>WAL</> logging (Itagaki Takahiro)
</para>
<para>
Such operations either produce a new copy of the table or are rolled
back, so <acronym>WAL</> archiving can be skipped, unless running in
continuous archiving mode. This reduces I/O overhead and improves
performance.
</para>
</listitem>
<listitem>
<para>
Fix failure of <literal>ALTER TABLE <replaceable>table</> ADD COLUMN
<replaceable>col</> serial</literal> when done by non-owner of table
(Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="SQL-CREATETABLE"><command>CREATE TABLE</></link></title>
<itemizedlist>
<listitem>
<para>
Add support for copying <literal>COMMENTS</> and <literal>STORAGE</>
settings in <command>CREATE TABLE ... LIKE</> commands
(Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Add a shortcut for copying all properties in <command>CREATE
TABLE ... LIKE</> commands (Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Add the SQL-standard
<literal>CREATE TABLE ... OF <replaceable>type</></literal> command
(Peter Eisentraut)
</para>
<para>
This allows creation of a table that matches an existing composite
type. Additional constraints and defaults can be specified in the
command.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Constraints</title>
<itemizedlist>
<listitem>
<para>
Add <link linkend="SQL-CREATETABLE-compatibility">deferrable
unique constraints</link> (Dean Rasheed)
</para>
<para>
This allows mass updates, such as
<literal>UPDATE tab SET col = col + 1</>,
to work reliably
on columns that have unique indexes or are marked as primary keys.
If the constraint is specified as <literal>DEFERRABLE</> it will be
checked at the end of the statement, rather than after each row is
updated. The constraint check can also be deferred until the end of the
current transaction, allowing such updates to be spread over multiple
SQL commands.
</para>
</listitem>
<listitem>
<para>
Add
<link linkend="ddl-constraints-exclusion">exclusion constraints</link>
(Jeff Davis)
</para>
<para>
Exclusion constraints generalize uniqueness constraints by allowing
arbitrary comparison operators, not just equality. They are created
with the <link linkend="SQL-CREATETABLE-EXCLUDE"><command>CREATE
TABLE CONSTRAINT ... EXCLUDE</></link> clause.
The most common use of exclusion constraints is to specify that column
entries must not overlap, rather than simply not be equal. This is
useful for time periods and other ranges, as well as arrays.
This feature enhances checking of data integrity for many
calendaring, time-management, and scientific applications.
</para>
</listitem>
<listitem>
<para>
Improve uniqueness-constraint violation error messages to
report the values causing the failure (Itagaki Takahiro)
</para>
<para>
For example, a uniqueness constraint violation might now report
<literal>Key (x)=(2) already exists</>.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Object Permissions</title>
<itemizedlist>
<listitem>
<para>
Add the ability to make mass permission changes across a whole
schema using the new <link
linkend="SQL-GRANT"><command>GRANT</>/<command>REVOKE
IN SCHEMA</></link> clause (Petr Jelinek)
</para>
<para>
This simplifies management of object permissions
and makes it easier to utilize database roles for application
data security.
</para>
</listitem>
<listitem>
<para>
Add <link linkend="SQL-ALTERDEFAULTPRIVILEGES"><command>ALTER
DEFAULT PRIVILEGES</></link> command to control privileges
of objects created later (Petr Jelinek)
</para>
<para>
This greatly simplifies the assignment of object privileges in a
complex database application. Default privileges can be set for
tables, views, sequences, and functions. Defaults may be assigned on a
per-schema basis, or database-wide.
</para>
</listitem>
<listitem>
<para>
Add the ability to control large object (BLOB) permissions with
<command>GRANT</>/<command>REVOKE</> (KaiGai Kohei)
</para>
<para>
Formerly, any database user could read or modify any large object.
Read and write permissions can now be granted and revoked per
large object, and the ownership of large objects is tracked.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Utility Operations</title>
<itemizedlist>
<listitem>
<para>
Make <link linkend="SQL-LISTEN"><command>LISTEN</></link>/<link
linkend="SQL-NOTIFY"><command>NOTIFY</></link> store pending events
in a memory queue, rather than in a system table (Joachim
Wieland)
</para>
<para>
This substantially improves performance, while retaining the existing
features of transactional support and guaranteed delivery.
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="SQL-NOTIFY"><command>NOTIFY</></link>
to pass an optional <quote>payload</> string to listeners
(Joachim Wieland)
</para>
<para>
This greatly improves the usefulness of
<command>LISTEN</>/<command>NOTIFY</> as a
general-purpose event queue system.
</para>
</listitem>
<listitem>
<para>
Allow <link linkend="SQL-CLUSTER"><command>CLUSTER</></link>
on all per-database system catalogs (Tom Lane)
</para>
<para>
Shared catalogs still cannot be clustered.
</para>
</listitem>
</itemizedlist>
<sect4>
<title><link linkend="SQL-COPY"><command>COPY</></link></title>
<itemizedlist>
<listitem>
<para>
Accept <literal>COPY ... CSV FORCE QUOTE *</>
(Itagaki Takahiro)
</para>
<para>
Now <literal>*</> can be used as shorthand for <quote>all columns</>
in the <literal>FORCE QUOTE</> clause.
</para>
</listitem>
<listitem>
<para>
Add new <command>COPY</> syntax that allows options to be
specified inside parentheses (Robert Haas, Emmanuel Cecchet)
</para>
<para>
This allows greater flexibility for future <command>COPY</> options.
The old syntax is still supported, but only for pre-existing options.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="SQL-EXPLAIN"><command>EXPLAIN</></link></title>
<itemizedlist>
<listitem>
<para>
Allow <command>EXPLAIN</> to output in <acronym>XML</>,
<acronym>JSON</>, or <acronym>YAML</> format (Robert Haas, Greg
Sabino Mullane)
</para>
<para>
The new output formats are easily machine-readable, supporting the
development of new tools for analysis of <command>EXPLAIN</> output.
</para>
</listitem>
<listitem>
<para>
Add new <literal>BUFFERS</> option to report query
buffer usage during <command>EXPLAIN ANALYZE</> (Itagaki Takahiro)
</para>
<para>
This allows better query profiling for individual queries.
Buffer usage is no longer reported in the output for <link
linkend="runtime-config-statistics-monitor">log_statement_stats</link>
and related settings.
</para>
</listitem>
<listitem>
<para>
Add hash usage information to <command>EXPLAIN</> output (Robert
Haas)
</para>
</listitem>
<listitem>
<para>
Add new <command>EXPLAIN</> syntax that allows options to be
specified inside parentheses (Robert Haas)
</para>
<para>
This allows greater flexibility for future <command>EXPLAIN</> options.
The old syntax is still supported, but only for pre-existing options.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="SQL-VACUUM"><command>VACUUM</></link></title>
<itemizedlist>
<listitem>
<para>
Change <command>VACUUM FULL</> to rewrite the entire table and
rebuild its indexes, rather than moving individual rows around to
compact space (Itagaki Takahiro, Tom Lane)
</para>
<para>
The previous method was usually slower and caused index bloat.
Note that the new method will use more disk space transiently
during <command>VACUUM FULL</>; potentially as much as twice
the space normally occupied by the table and its indexes.
</para>
</listitem>
<listitem>
<para>
Add new <command>VACUUM</> syntax that allows options to be
specified inside parentheses (Itagaki Takahiro)
</para>
<para>
This allows greater flexibility for future <command>VACUUM</> options.
The old syntax is still supported, but only for pre-existing options.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Indexes</title>
<itemizedlist>
<listitem>
<para>
Allow an index to be named automatically by omitting the index name in
<link linkend="SQL-CREATEINDEX"><command>CREATE INDEX</></link>
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
By default, multicolumn indexes are now named after all their columns;
and index expression columns are now named based on their expressions
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Reindexing shared system catalogs is now fully transactional
and crash-safe (Tom Lane)
</para>
<para>
Formerly, reindexing a shared index was only allowed in standalone
mode, and a crash during the operation could leave the index in
worse condition than it was before.
</para>
</listitem>
<listitem>
<para>
Add <literal>point_ops</> operator class for <acronym>GiST</>
(Teodor Sigaev)
</para>
<para>
This feature permits <acronym>GiST</> indexing of <type>point</>
columns. The index can be used for several types of queries
such as <replaceable>point</> <literal>&lt;@</> <replaceable>polygon</>
(point is in polygon). This should make many
<productname>PostGIS</> queries faster.
</para>
</listitem>
<listitem>
<para>
Use red-black binary trees for <acronym>GIN</> index creation
(Teodor Sigaev)
</para>
<para>
Red-black trees are self-balancing. This avoids slowdowns in
cases where the input is in nonrandom order.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Data Types</title>
<itemizedlist>
<listitem>
<para>
Allow <link linkend="datatype-binary"><type>bytea</></link> values
to be written in hex notation (Peter Eisentraut)
</para>
<para>
The server parameter <link
linkend="guc-bytea-output"><varname>bytea_output</></link> controls
whether hex or traditional format is used for <type>bytea</>
output. Libpq's <function>PQescapeByteaConn()</> function automatically
uses the hex format when connected to <productname>PostgreSQL</> 9.0
or newer servers. However, pre-9.0 libpq versions will not
correctly process hex format from newer servers.
</para>
<para>
The new hex format will be directly compatible with more applications
that use binary data, allowing them to store and retrieve it without
extra conversion. It is also significantly faster to read and write
than the traditional format.
</para>
</listitem>
<listitem>
<para>
Allow server parameter <link
linkend="guc-extra-float-digits">extra_float_digits</link>
to be increased to <literal>3</> (Tom Lane)
</para>
<para>
The previous maximum <varname>extra_float_digits</> setting was
<literal>2</>. There are cases where 3 digits are needed to dump and
restore <type>float4</> values exactly. <application>pg_dump</> will
now use the setting of 3 when dumping from a server that allows it.
</para>
</listitem>
<listitem>
<para>
Tighten input checking for <type>int2vector</> values (Caleb
Welton)
</para>
</listitem>
</itemizedlist>
<sect4>
<title><link linkend="textsearch">Full Text Search</link></title>
<itemizedlist>
<listitem>
<para>
Add prefix support in <literal>synonym</> dictionaries
(Teodor Sigaev)
</para>
</listitem>
<listitem>
<para>
Add <firstterm>filtering</> dictionaries (Teodor Sigaev)
</para>
<para>
Filtering dictionaries allow tokens to be modified then passed to
subsequent dictionaries.
</para>
</listitem>
<listitem>
<para>
Allow underscores in email-address tokens (Teodor Sigaev)
</para>
</listitem>
<listitem>
<para>
Use more standards-compliant rules for parsing <acronym>URL</> tokens
(Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Functions</title>
<itemizedlist>
<listitem>
<para>
Allow function calls to supply parameter names and match them to named
parameters in the function definition (Pavel Stehule)
</para>
<para>
For example, if a function is defined to take parameters <literal>a</>
and <literal>b</>, it can be called with <literal>func(a := 7, b
:= 12)</> or <literal>func(b := 12, a := 7)</>.
</para>
</listitem>
<listitem>
<para>
Support locale-specific <link
linkend="functions-posix-regexp">regular expression</link>
processing with <acronym>UTF-8</> server encoding (Tom Lane)
</para>
<para>
Locale-specific regular expression functionality includes
case-insensitive matching and locale-specific character classes.
Previously, these features worked correctly for non-<acronym>ASCII</>
characters only if the database used a single-byte server encoding (such
as LATIN1). They will still misbehave in multi-byte encodings other
than <acronym>UTF-8</>.
</para>
</listitem>
<listitem>
<para>
Add support for scientific notation in <link
linkend="functions-formatting"><function>to_char()</></link>
(<link linkend="functions-formatting-numeric-table"><literal>EEEE</>
specification</link>)
(Pavel Stehule, Brendan Jurd)
</para>
</listitem>
<listitem>
<para>
Make <function>to_char()</> honor <link
linkend="functions-formatting-datetimemod-table"><literal>FM</></link>
(fill mode) in <literal>Y</>, <literal>YY</>, and
<literal>YYY</> specifications (Bruce Momjian, Tom Lane)
</para>
<para>
It was already honored by <literal>YYYY</>.
</para>
</listitem>
<listitem>
<para>
Fix <function>to_char()</> to output localized numeric and monetary
strings in the correct encoding on <productname>Windows</>
(Hiroshi Inoue, Itagaki Takahiro, Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Correct calculations of <link
linkend="functions-geometry-op-table"><quote>overlaps</quote></link>
and <quote>contains</quote> operations for polygons (Teodor Sigaev)
</para>
<para>
The polygon <literal>&amp;&amp;</> (overlaps) operator formerly just
checked to see if the two polygons' bounding boxes overlapped. It now
does a more correct check. The polygon <literal>@&gt;</> and
<literal>&lt;@</> (contains/contained by) operators formerly checked
to see if one polygon's vertexes were all contained in the other;
this can wrongly report <quote>true</> for some non-convex polygons.
Now they check that all line segments of one polygon are contained in
the other.
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Aggregates</title>
<itemizedlist>
<listitem>
<para>
Allow aggregate functions to use <link
linkend="syntax-aggregates"><literal>ORDER BY</></link> (Andrew Gierth)
</para>
<para>
For example, this is now supported: <literal>array_agg(a ORDER BY
b)</>. This is useful with aggregates for which the order of input
values is significant, and eliminates the need to use a nonstandard
subquery to determine the ordering.
</para>
</listitem>
<listitem>
<para>
Multi-argument aggregate functions can now use <literal>DISTINCT</>
(Andrew Gierth)
</para>
</listitem>
<listitem>
<para>
Add the <link
linkend="functions-aggregate-table"><function>string_agg()</></link>
aggregate function to combine values into a single
string (Pavel Stehule)
</para>
</listitem>
<listitem>
<para>
Aggregate functions that are called with <literal>DISTINCT</> are
now passed NULL values if the aggregate transition function is
not marked as <literal>STRICT</> (Andrew Gierth)
</para>
<para>
For example, <literal>agg(DISTINCT x)</> might pass a NULL <literal>x</>
value to <function>agg()</>. This is more consistent with the behavior
in non-<literal>DISTINCT</> cases.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Bit Strings</title>
<itemizedlist>
<listitem>
<para>
Add <link
linkend="functions-binarystring-other"><function>get_bit()</></link>
and <function>set_bit()</> functions for <type>bit</>
strings, mirroring those for <type>bytea</> (Leonardo
F)
</para>
</listitem>
<listitem>
<para>
Implement <link
linkend="functions-string-sql"><function>OVERLAY()</></link>
(replace) for <type>bit</> strings and <type>bytea</>
(Leonardo F)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Object Information Functions</title>
<itemizedlist>
<listitem>
<para>
Add <link
linkend="functions-admin-dbsize"><function>pg_table_size()</></link>
and <function>pg_indexes_size()</> to provide a more
user-friendly interface to the <function>pg_relation_size()</>
function (Bernd Helmle)
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="functions-info-access-table"><function>has_sequence_privilege()</></link>
for sequence permission checking (Abhijit Menon-Sen)
</para>
</listitem>
<listitem>
<para>
Update the <link linkend="information-schema">information_schema</link>
views to conform to SQL:2008
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Make the <literal>information_schema</> views correctly display maximum
octet lengths for <type>char</> and <type>varchar</> columns (Peter
Eisentraut)
</para>
</listitem>
<listitem>
<para>
Speed up <literal>information_schema</> privilege views
(Joachim Wieland)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Function and Trigger Creation</title>
<itemizedlist>
<listitem>
<para>
Support execution of anonymous code blocks using the <link
linkend="SQL-DO"><command>DO</></link> statement
(Petr Jelinek, Joshua Tolley, Hannu Valtonen)
</para>
<para>
This allows execution of server-side code without the need to create
and delete a temporary function definition. Code can be executed in
any language for which the user has permissions to define a function.
</para>
</listitem>
<listitem>
<para>
Implement SQL-standard-compliant <link
linkend="SQL-CREATETRIGGER">per-column triggers</link>
(Itagaki Takahiro)
</para>
<para>
Such triggers are fired only when the specified column(s) are affected
by the query, e.g. appear in an <command>UPDATE</>'s <literal>SET</>
list.
</para>
</listitem>
<listitem>
<para>
Add the <literal>WHEN</> clause to <link
linkend="SQL-CREATETRIGGER"><command>CREATE TRIGGER</></link>
to allow control over whether a trigger is fired (Itagaki
Takahiro)
</para>
<para>
While the same type of check can always be performed inside the
trigger, doing it in an external <literal>WHEN</> clause can have
performance benefits.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Server-Side Languages</title>
<itemizedlist>
<listitem>
<para>
Add the <literal>OR REPLACE</> clause to <link
linkend="SQL-CREATELANGUAGE"><command>CREATE LANGUAGE</></link>
(Tom Lane)
</para>
<para>
This is helpful to optionally install a language if it does not
already exist, and is particularly helpful now that PL/pgSQL is
installed by default.
</para>
</listitem>
</itemizedlist>
<sect4>
<title><link linkend="plpgsql">PL/pgSQL</link> Server-Side
Language</title>
<itemizedlist>
<listitem>
<para>
Install PL/pgSQL by default (Bruce Momjian)
</para>
<para>
The language can still be removed from a particular database if the
administrator has security or performance concerns about making it
available.
</para>
</listitem>
<listitem>
<para>
Improve handling of cases where PL/pgSQL variable names conflict with
identifiers used in queries within a function
(Tom Lane)
</para>
<para>
The default behavior is now to throw an error when there is a conflict,
so as to avoid surprising behaviors. This can be modified, via the
configuration parameter <link
linkend="plpgsql-var-subst"><varname>plpgsql.variable_conflict</></link>
or the per-function option <literal>#variable_conflict</>, to allow
either the variable or the query-supplied column to be used. In any
case PL/pgSQL will no longer attempt to substitute variables in places
where they would not be syntactically valid.
</para>
</listitem>
<listitem>
<para>
Make PL/pgSQL use the main lexer, rather than its own version
(Tom Lane)
</para>
<para>
This ensures accurate tracking of the main system's behavior for details
such as string escaping. Some user-visible details, such as the set
of keywords considered reserved in PL/pgSQL, have changed in
consequence.
</para>
</listitem>
<listitem>
<para>
Avoid throwing an unnecessary error for an invalid record reference
(Tom Lane)
</para>
<para>
An error is now thrown only if the reference is actually fetched,
rather than whenever the enclosing expression is reached. For
example, many people have tried to do this in triggers:
<programlisting>
if TG_OP = 'INSERT' and NEW.col1 = ... then
</programlisting>
This will now actually work as expected.
</para>
</listitem>
<listitem>
<para>
Improve PL/pgSQL's ability to handle row types with dropped columns
(Pavel Stehule)
</para>
</listitem>
<listitem>
<para>
Allow input parameters to be assigned values within
PL/pgSQL functions (Steve Prentice)
</para>
<para>
Formerly, input parameters were treated as being declared
<literal>CONST</>, so the function's code could not change their
values. This restriction has been removed to simplify
porting of functions from other DBMSes that do not impose the
equivalent restriction. An input parameter now acts like a local
variable initialized to the passed-in value.
</para>
</listitem>
<listitem>
<para>
Improve error location reporting in PL/pgSQL (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add <replaceable>count</> and <literal>ALL</> options to <command>MOVE
FORWARD</>/<literal>BACKWARD</> in PL/pgSQL (Pavel Stehule)
</para>
</listitem>
<listitem>
<para>
Allow PL/pgSQL's <literal>WHERE CURRENT OF</> to use a cursor
variable (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow PL/pgSQL's <command>OPEN <replaceable>cursor</> FOR EXECUTE</> to
use parameters (Pavel Stehule, Itagaki Takahiro)
</para>
<para>
This is accomplished with a new <literal>USING</> clause.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="plperl">PL/Perl</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Add new PL/Perl functions: <link
linkend="plperl-utility-functions"><function>quote_literal()</></link>,
<function>quote_nullable()</>, <function>quote_ident()</>,
<function>encode_bytea()</>, <function>decode_bytea()</>,
<function>looks_like_number()</>,
<function>encode_array_literal()</>,
<function>encode_array_constructor()</> (Tim Bunce)
</para>
</listitem>
<listitem>
<para>
Add server parameter <link
linkend="guc-plperl-on-init"><varname>plperl.on_init</></link> to
specify a PL/Perl initialization function (Tim
Bunce)
</para>
<para>
<link
linkend="guc-plperl-on-plperl-init"><varname>plperl.on_plperl_init</></link>
and <link
linkend="guc-plperl-on-plperl-init"><varname>plperl.on_plperlu_init</></link>
are also available for initialization that is specific to the trusted
or untrusted language respectively.
</para>
</listitem>
<listitem>
<para>
Support <command>END</> blocks in PL/Perl (Tim Bunce)
</para>
<para>
<command>END</> blocks do not currently allow database access.
</para>
</listitem>
<listitem>
<para>
Allow <command>use strict</> in PL/Perl (Tim Bunce)
</para>
<para>
Perl <literal>strict</> checks can also be globally enabled with the
new server parameter <link
linkend="guc-plperl-use-strict"><varname>plperl.use_strict</></link>.
</para>
</listitem>
<listitem>
<para>
Allow <command>require</> in PL/Perl (Tim Bunce)
</para>
<para>
This basically tests to see if the module is loaded, and if not,
generates an error. It will not allow loading of modules that
the administrator has not preloaded via the initialization parameters.
</para>
</listitem>
<listitem>
<para>
Allow <command>use feature</> in PL/Perl if Perl version 5.10 or
later is used (Tim Bunce)
</para>
</listitem>
<listitem>
<para>
Verify that PL/Perl return values are valid in the server encoding
(Andrew Dunstan)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="plpython">PL/Python</link> Server-Side Language</title>
<itemizedlist>
<listitem>
<para>
Add Unicode support in PL/Python (Peter Eisentraut)
</para>
<para>
Strings are automatically converted from/to the server encoding as
necessary.
</para>
</listitem>
<listitem>
<para>
Improve <type>bytea</> support in PL/Python (Caleb Welton)
</para>
<para>
<type>Bytea</> values passed into PL/Python are now represented as
binary, rather than the PostgreSQL <type>bytea</> text format.
<type>Bytea</> values containing null bytes are now also output
properly from PL/Python. Passing of boolean, integer, and float
values was also improved.
</para>
</listitem>
<listitem>
<para>
Support <link linkend="plpython-arrays">arrays</link> as parameters and
return values in PL/Python (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Improve mapping of SQL domains to Python types (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Add <application>Python</> 3 support to PL/Python (Peter Eisentraut)
</para>
<para>
The new server-side language is called <link
linkend="plpython-python23"><literal>plpython3u</></link>. This
cannot be used in the same session with the
<application>Python</> 2 server-side language.
</para>
</listitem>
<listitem>
<para>
Improve error location and exception reporting in PL/Python (Peter Eisentraut)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Client Applications</title>
<itemizedlist>
<listitem>
<para>
Add an <option>--analyze-only</> option to <link
linkend="APP-VACUUMDB"><command>vacuumdb</></link>, to analyze without
vacuuming (Bruce Momjian)
</para>
</listitem>
</itemizedlist>
<sect4>
<title><link linkend="APP-PSQL"><application>psql</></link></title>
<itemizedlist>
<listitem>
<para>
Add support for quoting/escaping the values of <application>psql</>
<link linkend="APP-PSQL-variables">variables</link> as SQL strings or
identifiers (Pavel Stehule, Robert Haas)
</para>
<para>
For example, <literal>:'var'</> will produce the value of
<literal>var</> quoted and properly escaped as a literal string, while
<literal>:"var"</> will produce its value quoted and escaped as an
identifier.
</para>
</listitem>
<listitem>
<para>
Ignore a leading UTF-8-encoded Unicode byte-order marker in
script files read by <application>psql</> (Itagaki Takahiro)
</para>
<para>
This is enabled when the client encoding is <acronym>UTF-8</>.
It improves compatibility with certain editors, mostly on Windows,
that insist on inserting such markers.
</para>
</listitem>
<listitem>
<para>
Fix <command>psql --file -</> to properly honor <link
linkend="R1-APP-PSQL-3"><option>--single-transaction</></link>
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Avoid overwriting of <application>psql</>'s command-line history when
two <application>psql</> sessions are run concurrently (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Improve <application>psql</>'s tab completion support (Itagaki
Takahiro)
</para>
</listitem>
<listitem>
<para>
Show <literal>\timing</> output when it is enabled, regardless of
<quote>quiet</> mode (Peter Eisentraut)
</para>
</listitem>
</itemizedlist>
<sect5>
<title><application>psql</> Display</title>
<itemizedlist>
<listitem>
<para>
Improve display of wrapped columns in <application>psql</> (Roger
Leigh)
</para>
<para>
This behavior is now the default.
The previous formatting is available by using <command>\pset linestyle
old-ascii</>.
</para>
</listitem>
<listitem>
<para>
Allow <application>psql</> to use fancy Unicode line-drawing
characters via <command>\pset linestyle unicode</> (Roger Leigh)
</para>
</listitem>
</itemizedlist>
</sect5>
<sect5>
<title><application>psql</> <link
linkend="APP-PSQL-meta-commands"><command>\d</></link>
Commands</title>
<itemizedlist>
<listitem>
<para>
Make <command>\d</> show child tables that inherit from the specified
parent (Damien Clochard)
</para>
<para>
<command>\d</> shows only the number of child tables, while
<command>\d+</> shows the names of all child tables.
</para>
</listitem>
<listitem>
<para>
Show definitions of index columns in <command>\d index_name</>
(Khee Chin)
</para>
<para>
The definition is useful for expression indexes.
</para>
</listitem>
<listitem>
<para>
Show a view's defining query only in
<command>\d+</>, not in <command>\d</> (Peter Eisentraut)
</para>
<para>
Always including the query was deemed overly verbose.
</para>
</listitem>
</itemizedlist>
</sect5>
</sect4>
<sect4>
<title><link linkend="APP-PGDUMP"><application>pg_dump</></link></title>
<itemizedlist>
<listitem>
<para>
Make <application>pg_dump</>/<application>pg_restore</>
<link linkend="pg-dump-options"><option>--clean</></link>
also remove large objects (Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Fix <application>pg_dump</> to properly dump large objects when
<literal>standard_conforming_strings</> is enabled (Tom Lane)
</para>
<para>
The previous coding could fail when dumping to an archive file
and then generating script output from <application>pg_restore</>.
</para>
</listitem>
<listitem>
<para>
<application>pg_restore</> now emits large-object data in hex format
when generating script output (Tom Lane)
</para>
<para>
This could cause compatibility problems if the script is then
loaded into a pre-9.0 server. To work around that, restore
directly to the server, instead.
</para>
</listitem>
<listitem>
<para>
Allow <application>pg_dump</> to dump comments attached to columns
of composite types (Taro Minowa (Higepon))
</para>
</listitem>
<listitem>
<para>
Make <application>pg_dump</> <link
linkend="pg-dump-options"><option>--verbose</></link>
output the <application>pg_dump</> and server versions
in text output mode (Jim Cox, Tom Lane)
</para>
<para>
These were already provided in custom output mode.
</para>
</listitem>
<listitem>
<para>
<application>pg_restore</> now complains if any command-line arguments
remain after the switches and optional file name (Tom Lane)
</para>
<para>
Previously, it silently ignored any such arguments.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link
linkend="app-pg-ctl"><application>pg_ctl</></link></title>
<itemizedlist>
<listitem>
<para>
Allow <application>pg_ctl</> to be used safely to start the
<application>postmaster</> during a system reboot (Tom Lane)
</para>
<para>
Previously, <application>pg_ctl</>'s parent process could have been
mistakenly identified as a running <application>postmaster</> based on
a stale <application>postmaster</> lock file, resulting in a transient
failure to start the database.
</para>
</listitem>
<listitem>
<para>
Give <application>pg_ctl</> the ability to initialize the database
(by invoking <application>initdb</>) (Zdenek Kotala)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title><application>Development Tools</></title>
<sect4>
<title><link linkend="libpq"><application>libpq</></link></title>
<itemizedlist>
<listitem>
<para>
Add new <application>libpq</> functions
<link
linkend="libpq-connect"><function>PQconnectdbParams()</></link>
and <function>PQconnectStartParams()</> (Guillaume
Lelarge)
</para>
<para>
These functions are similar to <function>PQconnectdb()</> and
<function>PQconnectStart()</> except that they accept a null-terminated
array of connection options, rather than requiring all options to
be provided in a single string.
</para>
</listitem>
<listitem>
<para>
Add <application>libpq</> functions <link
linkend="libpq-exec-escape-string"><function>PQescapeLiteral()</></link>
and <function>PQescapeIdentifier()</> (Robert Haas)
</para>
<para>
These functions return appropriately quoted and escaped SQL string
literals and identifiers. The caller is not required to pre-allocate
the string result, as is required by <function>PQescapeStringConn()</>.
</para>
</listitem>
<listitem>
<para>
Add support for a per-user service file (<link
linkend="libpq-pgservice"><filename>.pg_service.conf</></link>),
which is checked before the site-wide service file
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Properly report an error if the specified <application>libpq</> service
cannot be found (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Add <link linkend="libpq-keepalives">TCP keepalive settings</link>
in libpq (Tollef Fog Heen, Fujii Masao, Robert Haas)
</para>
<para>
Keepalive settings were already supported on the server end of
TCP connections.
</para>
</listitem>
<listitem>
<para>
Avoid extra system calls to block and unblock <literal>SIGPIPE</>
in <application>libpq</>, on platforms that offer alternative methods
(Jeremy Kerr)
</para>
</listitem>
<listitem>
<para>
When a <link linkend="libpq-pgpass"><filename>.pgpass</></link>-supplied
password fails, mention where the password came from in the error
message (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Load all SSL certificates given in the client certificate file
(Tom Lane)
</para>
<para>
This improves support for indirectly-signed SSL certificates.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title><link linkend="ecpg"><application>ecpg</></link></title>
<itemizedlist>
<listitem>
<para>
Add <link linkend="ecpg-descriptors"><acronym>SQLDA</></link>
(SQL Descriptor Area) support to <application>ecpg</>
(Boszormenyi Zoltan)
</para>
</listitem>
<listitem>
<para>
Add the <link linkend="ecpg-descriptors"><command>DESCRIBE</>
[ <literal>OUTPUT</> ]</link> statement to <application>ecpg</>
(Boszormenyi Zoltan)
</para>
</listitem>
<listitem>
<para>
Add an <link linkend="ecpg-library">ECPGtransactionStatus</link>
function to return the current transaction status (Bernd Helmle)
</para>
</listitem>
<listitem>
<para>
Add the <literal>string</> data type in <application>ecpg</>
Informix-compatibility mode (Boszormenyi Zoltan)
</para>
</listitem>
<listitem>
<para>
Allow <application>ecpg</> to use <literal>new</> and <literal>old</>
variable names without restriction (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Allow <application>ecpg</> to use variable names in
<function>free()</> (Michael Meskes)
</para>
</listitem>
<listitem>
<para>
Make <function>ecpg_dynamic_type()</> return zero for non-SQL3 data
types (Michael Meskes)
</para>
<para>
Previously it returned the negative of the data type OID.
This could be confused with valid type OIDs, however.
</para>
</listitem>
<listitem>
<para>
Support <type>long long</> types on platforms that already have 64-bit
<type>long</> (Michael Meskes)
</para>
</listitem>
</itemizedlist>
<sect5>
<title><application>ecpg</> Cursors</title>
<itemizedlist>
<listitem>
<para>
Add out-of-scope cursor support in <application>ecpg</>'s native mode
(Boszormenyi Zoltan)
</para>
<para>
This allows <command>DECLARE</> to use variables that are not in
scope when <command>OPEN</> is called. This facility already existed
in <application>ecpg</>'s Informix-compatibility mode.
</para>
</listitem>
<listitem>
<para>
Allow dynamic cursor names in <application>ecpg</> (Boszormenyi Zoltan)
</para>
</listitem>
<listitem>
<para>
Allow <application>ecpg</> to use noise words <literal>FROM</> and
<literal>IN</> in <command>FETCH</> and <command>MOVE</> (Boszormenyi
Zoltan)
</para>
</listitem>
</itemizedlist>
</sect5>
</sect4>
</sect3>
<sect3>
<title>Build Options</title>
<itemizedlist>
<listitem>
<para>
Enable client thread safety by default (Bruce Momjian)
</para>
<para>
The thread-safety option can be disabled with <link
linkend="configure"><literal>configure</></link>
<option>--disable-thread-safety</>.
</para>
</listitem>
<listitem>
<para>
Add support for controlling the Linux out-of-memory killer
(Alex Hunsaker, Tom Lane)
</para>
<para>
Now that <filename>/proc/self/oom_adj</> allows disabling
of the <productname>Linux</> out-of-memory (<acronym>OOM</>)
killer, it's recommendable to disable OOM kills for the postmaster.
It may then be desirable to re-enable OOM kills for the postmaster's
child processes. The new compile-time option <link
linkend="linux-memory-overcommit"><literal>LINUX_OOM_ADJ</></link>
allows the killer to be reactivated for child processes.
</para>
</listitem>
</itemizedlist>
<sect4>
<title>Makefiles</title>
<itemizedlist>
<listitem>
<para>
New <filename>Makefile</> targets <link
linkend="build"><literal>world</></link>,
<literal>install-world</>, and <literal>installcheck-world</>
(Andrew Dunstan)
</para>
<para>
These are similar to the existing <literal>all</>, <literal>install</>,
and <literal>installcheck</> targets, but they also build the
<acronym>HTML</> documentation, build and test <filename>contrib</>,
and test server-side languages and <application>ecpg</>.
</para>
</listitem>
<listitem>
<para>
Add data and documentation installation location control to
<acronym>PGXS</> Makefiles (Mark Cave-Ayland)
</para>
</listitem>
<listitem>
<para>
Add Makefile rules to build the <productname>PostgreSQL</> documentation
as a single <acronym>HTML</> file or as a single plain-text file
(Peter Eisentraut, Bruce Momjian)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Windows</title>
<itemizedlist>
<listitem>
<para>
Support compiling on <link
linkend="install-windows">64-bit
<productname>Windows</></link> and running in 64-bit
mode (Tsutomu Yamada, Magnus Hagander)
</para>
<para>
This allows for large shared memory sizes on <productname>Windows</>.
</para>
</listitem>
<listitem>
<para>
Support server builds using <link
linkend="install-windows-full"><productname>Visual Studio
2008</></link> (Magnus Hagander)
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Source Code</title>
<itemizedlist>
<listitem>
<para>
Distribute prebuilt documentation in a subdirectory tree, rather than
as tar archive files inside the distribution tarball
(Peter Eisentraut)
</para>
<para>
For example, the prebuilt <acronym>HTML</> documentation is now in
<filename>doc/src/sgml/html/</>; the manual pages are packaged
similarly.
</para>
</listitem>
<listitem>
<para>
Make the server's lexer reentrant (Tom Lane)
</para>
<para>
This was needed for use of the lexer by PL/pgSQL.
</para>
</listitem>
<listitem>
<para>
Improve speed of memory allocation (Tom Lane, Greg Stark)
</para>
</listitem>
<listitem>
<para>
User-defined constraint triggers now have entries in
<structname>pg_constraint</> as well as <structname>pg_trigger</>
(Tom Lane)
</para>
<para>
Because of this change,
<structname>pg_constraint</>.<structfield>pgconstrname</> is now
redundant and has been removed.
</para>
</listitem>
<listitem>
<para>
Add system catalog columns
<structname>pg_constraint</>.<structfield>conindid</> and
<structname>pg_trigger</>.<structfield>tgconstrindid</>
to better document the use of indexes for constraint
enforcement (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Allow multiple conditions to be communicated to backends using a single
operating system signal (Fujii Masao)
</para>
<para>
This allows new features to be added without a platform-specific
constraint on the number of signal conditions.
</para>
</listitem>
<listitem>
<para>
Improve source code test coverage, including <filename>contrib</>, PL/Python,
and PL/Perl (Peter Eisentraut, Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Remove the use of flat files for system table bootstrapping
(Tom Lane, Alvaro Herrera)
</para>
<para>
This improves performance when using many roles or
databases, and eliminates some possible failure conditions.
</para>
</listitem>
<listitem>
<para>
Automatically generate the initial contents of
<structname>pg_attribute</> for <quote>bootstrapped</> catalogs
(John Naylor)
</para>
<para>
This greatly simplifies changes to these catalogs.
</para>
</listitem>
<listitem>
<para>
Split the processing of
<command>INSERT</>/<command>UPDATE</>/<command>DELETE</> operations out
of <filename>execMain.c</> (Marko Tiikkaja)
</para>
<para>
Updates are now executed in a separate ModifyTable node. This change is
necessary infrastructure for future improvements.
</para>
</listitem>
<listitem>
<para>
Simplify translation of <application>psql</>'s SQL help text
(Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Reduce the lengths of some file names so that all file paths in the
distribution tarball are less than 100 characters (Tom Lane)
</para>
<para>
Some decompression programs have problems with longer file paths.
</para>
</listitem>
<listitem>
<para>
Add a new <link
linkend="errcodes-table"><literal>ERRCODE_INVALID_PASSWORD</></link>
<literal>SQLSTATE</> error code (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
With authors' permissions, remove the few remaining personal source code
copyright notices (Bruce Momjian)
</para>
<para>
The personal copyright notices were insignificant but the community
occasionally had to answer questions about them.
</para>
</listitem>
<listitem>
<para>
Add new documentation <link linkend="non-durability">section</link>
about running <productname>PostgreSQL</> in non-durable mode
to improve performance (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Restructure the <acronym>HTML</> documentation
<filename>Makefile</> rules to make their dependency checks work
correctly, avoiding unnecessary rebuilds (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Use <productname>DocBook</> <acronym>XSL</> stylesheets for man page
building, rather than <productname>Docbook2X</> (Peter Eisentraut)
</para>
<para>
This changes the set of tools needed to build the man pages.
</para>
</listitem>
<listitem>
<para>
Improve PL/Perl code structure (Tim Bunce)
</para>
</listitem>
<listitem>
<para>
Improve error context reports in PL/Perl (Alexey Klyukin)
</para>
</listitem>
</itemizedlist>
<sect4>
<title>New Build Requirements</title>
<para>
Note that these requirements do not apply when building from a
distribution tarball, since tarballs include the files that these
programs are used to build.
</para>
<itemizedlist>
<listitem>
<para>
Require <application>Autoconf</> 2.63 to build
<application>configure</> (Peter Eisentraut)
</para>
</listitem>
<listitem>
<para>
Require <application>Flex</> 2.5.31 or later to build
from a <acronym>CVS</> checkout (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Require <application>Perl</> version 5.8 or later to build
from a <acronym>CVS</> checkout (John Naylor, Andrew Dunstan)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Portability</title>
<itemizedlist>
<listitem>
<para>
Use a more modern <acronym>API</> for <application>Bonjour</> (Tom Lane)
</para>
<para>
Bonjour support now requires <productname>macOS</> 10.3 or later.
The older API has been deprecated by Apple.
</para>
</listitem>
<listitem>
<para>
Add spinlock support for the <productname>SuperH</>
architecture (Nobuhiro Iwamatsu)
</para>
</listitem>
<listitem>
<para>
Allow non-<application>GCC</> compilers to use inline functions if
they support them (Kurt Harriman)
</para>
</listitem>
<listitem>
<para>
Remove support for platforms that don't have a working 64-bit
integer data type (Tom Lane)
</para>
</listitem>
<listitem>
<para>
Restructure use of <literal>LDFLAGS</> to be more consistent
across platforms (Tom Lane)
</para>
<para>
<literal>LDFLAGS</> is now used for linking both executables and shared
libraries, and we add on <literal>LDFLAGS_EX</> when linking
executables, or <literal>LDFLAGS_SL</> when linking shared libraries.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Server Programming</title>
<itemizedlist>
<listitem>
<para>
Make backend header files safe to include in <productname>C++</>
(Kurt Harriman, Peter Eisentraut)
</para>
<para>
These changes remove keyword conflicts that previously made
<productname>C++</> usage difficult in backend code. However, there
are still other complexities when using <productname>C++</> for backend
functions. <literal>extern "C" { }</> is still necessary in
appropriate places, and memory management and error handling are
still problematic.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="xaggr"><function>AggCheckCallContext()</></link>
for use in detecting if a <productname>C</> function is
being called as an aggregate (Hitoshi Harada)
</para>
</listitem>
<listitem>
<para>
Change calling convention for <function>SearchSysCache()</> and related
functions to avoid hard-wiring the maximum number of cache keys
(Robert Haas)
</para>
<para>
Existing calls will still work for the moment, but can be expected to
break in 9.1 or later if not converted to the new style.
</para>
</listitem>
<listitem>
<para>
Require calls of <function>fastgetattr()</> and
<function>heap_getattr()</> backend macros to provide a non-NULL fourth
argument (Robert Haas)
</para>
</listitem>
<listitem>
<para>
Custom typanalyze functions should no longer rely on
<structname>VacAttrStats</>.<structfield>attr</> to determine the type
of data they will be passed (Tom Lane)
</para>
<para>
This was changed to allow collection of statistics on index columns
for which the storage type is different from the underlying column
data type. There are new fields that tell the actual datatype being
analyzed.
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Server Hooks</title>
<itemizedlist>
<listitem>
<para>
Add parser hooks for processing ColumnRef and ParamRef nodes
(Tom Lane)
</para>
</listitem>
<listitem>
<para>
Add a ProcessUtility hook so loadable modules can control utility
commands (Itagaki Takahiro)
</para>
</listitem>
</itemizedlist>
</sect4>
<sect4>
<title>Binary Upgrade Support</title>
<itemizedlist>
<listitem>
<para>
Add <link linkend="pgupgrade"><filename>contrib/pg_upgrade</></link>
to support in-place upgrades (Bruce Momjian)
</para>
<para>
This avoids the requirement of dumping/reloading the database when
upgrading to a new major release of PostgreSQL, thus reducing downtime
by orders of magnitude. It supports upgrades to 9.0
from PostgreSQL 8.3 and 8.4.
</para>
</listitem>
<listitem>
<para>
Add support for preserving relation <link
linkend="catalog-pg-class"><structname>relfilenode</></link> values
during binary upgrades (Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Add support for preserving <structname>pg_type</>
and <structname>pg_enum</> OIDs during binary upgrades
(Bruce Momjian)
</para>
</listitem>
<listitem>
<para>
Move data files within tablespaces into
<productname>PostgreSQL</>-version-specific subdirectories
(Bruce Momjian)
</para>
<para>
This simplifies binary upgrades.
</para>
</listitem>
</itemizedlist>
</sect4>
</sect3>
<sect3>
<title>Contrib</title>
<itemizedlist>
<listitem>
<para>
Add multithreading option (<option>-j</>) to <link
linkend="pgbench"><filename>contrib/pgbench</></link>
(Itagaki Takahiro)
</para>
<para>
This allows multiple <acronym>CPU</>s to be used by pgbench,
reducing the risk of pgbench itself becoming the test bottleneck.
</para>
</listitem>
<listitem>
<para>
Add <command>\shell</> and <command>\setshell</> meta
commands to <link
linkend="pgbench"><filename>contrib/pgbench</></link>
(Michael Paquier)
</para>
</listitem>
<listitem>
<para>
New features for <link
linkend="dict-xsyn"><filename>contrib/dict_xsyn</></link>
(Sergey Karpov)
</para>
<para>
The new options are <literal>matchorig</>, <literal>matchsynonyms</>,
and <literal>keepsynonyms</>.
</para>
</listitem>
<listitem>
<para>
Add full text dictionary <link
linkend="unaccent"><filename>contrib/unaccent</></link>
(Teodor Sigaev)
</para>
<para>
This filtering dictionary removes accents from letters, which
makes full-text searches over multiple languages much easier.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="CONTRIB-DBLINK-GET-NOTIFY"><function>dblink_get_notify()</></link>
to <filename>contrib/dblink</> (Marcus Kempe)
</para>
<para>
This allows asynchronous notifications in <productname>dblink</>.
</para>
</listitem>
<listitem>
<para>
Improve <filename>contrib/dblink</>'s handling of dropped columns
(Tom Lane)
</para>
<para>
This affects <link
linkend="CONTRIB-DBLINK-BUILD-SQL-INSERT"><function>dblink_build_sql_insert()</></link>
and related functions. These functions now number columns according
to logical not physical column numbers.
</para>
</listitem>
<listitem>
<para>
Greatly increase <link
linkend="hstore"><filename>contrib/hstore</></link>'s data
length limit, and add B-tree and hash support so <literal>GROUP
BY</> and <literal>DISTINCT</> operations are possible on
<type>hstore</> columns (Andrew Gierth)
</para>
<para>
New functions and operators were also added. These improvements
make <type>hstore</> a full-function key-value store embedded in
<productname>PostgreSQL</>.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="passwordcheck"><filename>contrib/passwordcheck</></link>
to support site-specific password strength policies (Laurenz
Albe)
</para>
<para>
The source code of this module should be modified to implement
site-specific password policies.
</para>
</listitem>
<listitem>
<para>
Add <link
linkend="pgarchivecleanup"><filename>contrib/pg_archivecleanup</></link>
tool (Simon Riggs)
</para>
<para>
This is designed to be used in the
<literal>archive_cleanup_command</literal>
server parameter, to remove no-longer-needed archive files.
</para>
</listitem>
<listitem>
<para>
Add query text to <link
linkend="auto-explain"><filename>contrib/auto_explain</></link>
output (Andrew Dunstan)
</para>
</listitem>
<listitem>
<para>
Add buffer access counters to <link
linkend="pgstatstatements"><filename>contrib/pg_stat_statements</></link>
(Itagaki Takahiro)
</para>
</listitem>
<listitem>
<para>
Update <link
linkend="server-start"><filename>contrib/start-scripts/linux</></link>
to use <filename>/proc/self/oom_adj</> to disable the
<link linkend="linux-memory-overcommit"><productname>Linux</>
out-of-memory</link> (<acronym>OOM</>) killer (Alex
Hunsaker, Tom Lane)
</para>
</listitem>
</itemizedlist>
</sect3>
</sect2>
</sect1>
Reference in New Issue View Git Blame Copy Permalink